Reply to post: Re: WPA or WPA2?

RC4 crypto: Get RID of it already, say boffins

Sandtitz Silver badge

Re: WPA or WPA2?

"Basically, you probably have only one option left on your wifi access point (AP) that provides even a modicum of security. It is WPA2 with a pre-shared key or PSK and AES for encryption. The 2 is important and the AES is important. Turn off the rest."

While WPA2 with AES is safe at the moment, I can only recommend that solution for very small companies and homes. For the rest the only reasonable solution is to use WPA2 Enterprise (Radius authentication).

With PSK you mostly need to hand the key to the end-user, and they have access to the WLAN even after they have left the company. Changing the PSK on each device is fine for a handful of devices but with say 50 users it's already getting difficult to reach all people and safely distribute the key. With Radius the user just uses the user name and password on AD/LDAP, and if the said user leaves the company the deactication of that account automatically removes the WLAN rights.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019