Wi-Fi Protected Access II (WPA2)
What is WPA2?
WPA2 is a security standard released by Wi-Fi Alliance in 2004. WPA2 implements the mandatory elements of IEEE 802.11i. In particular, it includes mandatory support for CCMP, an AES-based encryption mode.
WPA2 versions / modes
WPA2 provides two operation modes: Personal (PSK) and Enterprise. Both use a strong encryption method called AES-CCMP to encrypt data transmitted over the air.
What’s the Difference Between WPA2 Enterprise and WPA2 Personal?
The main difference between these security modes is in the authentication stage. WPA2 Personal uses pre-shared keys (PSK) and is designed for home use. WPA2 Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication and is specifically designed for use in organizations.
Personal mode is very easy to implement, however it actually makes properly securing a business network nearly impossible. Unlike with the Enterprise mode, wireless access can not be individually or centrally managed. One passphrase for everyone.
If single password should need to be changed, it must be changed on all devices. You will need to change the password on the access point or router and then enter that new password on all your other network devices the next time they connect. That will be a moderate inconvenience for the typical home with just a handful of Wi-Fi devices. For a business with dozens of devices on its wireless network, it could be a major pain.
Instead of everyone using the same Wi-Fi password to connect to the network, each user is assigned a unique user ID and password in Enterprise mode. Any user account that becomes compromised can be changed individually or revoked entirely without impacting anyone or anything else.
The Enterprise mode also prevents users on your network from snooping on each other's traffic, capturing passwords, or hijacking accounts, since the encryption keys (exchanged in the background) are unique to each user session.
Enterprise (EAP/RADIUS) mode provides the security needed for networks in business environments. It offers individualized and centralized control over access to your Wi-Fi network. Users are assigned login credentials they must present when connecting to the network, which can be modified or revoked by administrators at anytime.
Users never deal with the actual encryption keys. They are securely created and assigned per user session in the background after a user presents their login credentials. This prevents people from recovering the network key from computers.