Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II are the two security protocols and certification schemes (WPA2). To protect wireless computer networks, the Wi-Fi Alliance has created these. Because of the significant flaws in the prior system, Wired Equivalent Privacy, the Alliance developed these protocols (WEP).

In 2003, WPA, also known as the IEEE 802.11i draught standard, became available. The Wi-Fi Alliance created it as a stopgap measure before the more complex and secure WPA2, which became available in 2004 and is a common abbreviation for the complete IEEE 802.11i (or IEEE 802.11i-2004) standard.

With several security upgrades over WPA2, the Wi-Fi Alliance announced the release of WPA3 in January 2018.

WPA -

Designed to replace WEP, the WPA is a transitional measure. Wireless network interface cards that were made for WEP in 1999 could be updated with WPA firmware. However, the majority of pre-2003 APs could not be upgraded to support WPA because more changes were needed in the wireless access points (APs) than on the network cards.

The IEEE 802.11i standard is almost entirely implemented by the WPA protocol. WPA adopted the Temporal Key Integrity Protocol (TKIP). On wireless access points and devices, WEP uses a 64-bit or 128-bit encryption key that must be manually entered and that, once entered, cannot be changed. Because TKIP uses a per-packet key, it dynamically generates a new 128-bit key for every packet and thwarts the kinds of attacks that made WEP vulnerable.

A Message Integrity Check built into WPA is intended to stop an attacker from changing or resending data packets. This took the place of the WEP standard's cyclic redundancy check (CRC). The main problem with CRCs was that they didn't offer strong enough data integrity guarantees for the packets they handled. There were well-proven message authentication codes to address these issues, but they were too computationally intensive for use with older network cards. The integrity of the packets is checked by WPA using the TKIP message integrity check algorithm. Although TKIP is significantly more secure than a CRC, WPA2 uses a more secure algorithm.

The message integrity code hash function, Michael, which is used to extract the keystream from short packets for use in re-injection and spoofing, was found to have limitations that are similar to earlier WEP flaws.

WPA2 -

WPA was replaced by WPA2. IEEE 802.11i's mandatory components were implemented by WPA2, which is subject to Wi-Fi Alliance testing and certification. In particular, it included essential support for the AES-based CCMP (Counter Mode CBC-MAC Protocol) encryption mode. In September 2004, certification started. As of March 13, 2006, WPA2 certification is required for all new devices to display the Wi-Fi trademark.