Security wi - Hardware 2024

Today's routers come with different security options: WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP / AES). Choose the wrong option, and you will have a slower and less secure connection. The last option (using TKIP and AES together) ends up being the standard on most routers, because it seems that putting all the rules together makes the network more secure.

This is a bad choice, but to understand the options, you have to understand a bit of the encryption standards in wireless networks.

WiFi Security What to choose: AES or TKIP?

TKIP and AES are two different kinds of encryption that can be used on a Wi-Fi network. TKIP is an acronym in English (Temporal Key Integrity Protocol), it is an encryption protocol introduced with the arrival of WPA, to replace the WEP protocol, which had already become very insecure.

We recommend reading our guide to the best routers on the market.

TKIP is quite similar to WEP, which is why it is already considered outdated and without adequate security. In other words: avoid using TKIP on your wireless network.

AES stands for " Advanced Encryption Standard ", a more secure protocol introduced with the advent of the WPA2 standard, which replaced WPA. AES is nothing more than a standard developed specifically for Wi-Fi networks; it is a global encryption standard adopted by the United States government. While the code "PSK" in both names means "pre-shared key", that is, your encrypted password.

WPA uses TKIP and WPA2 uses AES

In summary:

TKIP is an older encryption protocol, used by the old WPA standard. AES is a newer Wi-Fi encryption solution, used by the new and secure WPA2 standard.

In theory, this is it. But, depending on your router, simply choosing WPA2 may not be enough. While WPA2 was designed to be used with AES and enhance security, it also provides the option to use TKIP for greater compatibility with older devices. Thus, WPA2 compliant devices connect to WPA2 and WPA compliant devices connect to WPA. For this reason, "WPA2" does not always mean WPA2-AES. Either way, on devices that have no choice between "TKIP" or "AES, " WPA2 is generally synonymous with WPA2-AES.

Knowing the Wi-Fi security modes

If you don't know the best security option to choose, take a look at the options that routers offer:

Open or Open (risky): Open Wi-Fi networks do not ask for a password. An open Wi-Fi network should never be configured. Even if it is to offer a wireless network for several people. WEP 64 (risky): The old WEP encryption is vulnerable, and should not be used. Its name, "Wired Equivalent Privacy" (something like the equivalent of a wired network) today is one of the most insecure options. WEP 128 (risky): WEP with crypto key higher than the previous one and that does not help much. WPA-PSK (TKIP) - This is the WPA or WPA1 encryption standard. It is already obsolete and insecure. WPA-PSK (AES): It is the most modern wireless WPA protocol with AES encryption. Routers with AES support almost always support WPA2, and devices that need WPA1 rarely have AES encryption support. As you can see, this option doesn't make much sense. WPA2-PSK (TKIP) - This combination uses the modern WPA2 standard with old TKIP encryption. It's not secure, and it's only a good idea if you have older routers that don't connect to the WPA2-PSK (AES) network. WPA2-PSK (AES): this is indeed the safest option. It uses WPA2 (the latest Wi-Fi encryption standard), along with the latest protocol, AES. You must use this option. On routers with a simpler interface, the option marked "WPA2" or "WPA2-PSK" must already be associated with AES. WPA / WPA2-PSK (TKIP / AES) (recommended): This is an option that encompasses all possibilities and devices. You are going to enable WPA and WPA2 with TKIP and AES. There will be maximum compatibility with older devices, but it also means that a hacker attack can invade your network, as you will have older (and less secure) devices involved in the network. This TKIP + AES option can be called "mixed" mode WPA2-PSK.

WE RECOMMEND YOU Netgear Orbi RBK30 Review in Spanish (Complete Analysis)

Devices manufactured after 2006 have AES support

WPA2 certification was available in 2004. In 2006, WPA2 became mandatory. Any device made from 2006 that has a “Wi-Fi” logo must support WPA2 encryption.

If you are not sure about the age of any device, select WPA2-PSK (AES) and see if any device is not working. If the device stops connecting, go back to the previous configuration (and plan to buy a newer device). In our case, we always recommend the use of the Asus router of the RT-AC66, RT-AC68U and RT-AC88U series, which are the top of the range on the market and currently the safest at the domestic level.

WPA and TKIP make your Wi-Fi slower

WPA and TKIP compatibility options can slow down your wireless network. Many modern Wi-Fi routers, with support for fast networks like 802.11n, drop at a speed of 54mbps if you enable WPA or TKIP. These encryptions do this to be compatible with older devices.

In comparison terms: 802.11n networks support speeds of up to 300mbps, but only if you are using WPA2 with AES. Theoretically, an 802.11ac network offers a maximum speed of 3.46 gb / s, under perfect conditions. WPA and TKIP transform a modern Wi-Fi network into a very secure area.

In summary, on most routers the options are generally WEP, WPA (TKIP), and WPA2 (AES), with perhaps a WPA (TKIP) and WPA2 (AES) compatibility mode.

If you have a router that offers WPA2 with TKIP or AES options, select AES. Your devices are designed to work with this option, in addition to having a faster and more secure connection. So now you know: AES is the best option .