Wi-Fi Protected Access 3 (WPA3) is the latest standard for wifi encryption. Enabling WPA3 on your eero network provides added security for devices that support the WPA3 standard. This includes a new encryption method, SAE (Simultaneous Authentication of Equals), and MFP (Management Frame Protection).
In WPA3, SAE replaces WPA2-PSK (Pre-shared key) mode, providing protection against offline dictionary attacks that can affect WPA2.
MFP makes it impossible for an attacker to pretend to be your access point and attempt a deauthentication attack. A deauthentication attack allows an attacker to kick any of your devices off of the network at any time by pretending to be your access point. MFP ensures that clients only listen to management frames from your AP.
eero’s WPA3 feature operates in “transition mode,” meaning WPA3 capable devices will connect using this new standard, and unsupported devices will continue to use WPA2.
How to enable WPA3
WPA3 is available in the eero Labs section of your app, which can be found under the Discover tab. Simply toggle the feature on to start using WPA3.
How to determine if a device is using WPA3
Each connected wifi device now indicates whether it is connected using WPA2, WPA3, or without a password. Tapping into device details for each device will show the current method.
Issues to watch out for
Even though transition mode is designed to support WPA2 and WPA3 simultaneously, our testing has revealed interoperability issues with some legacy devices. We would like to highlight a few of the interoperability symptoms we have encountered to help prepare you for some behavior you may experience:
- Clients appear to be associated using WPA2 but cannot get an IP address because the DHCP client on the connected device is not responding to incoming packets from the eero APs
- The eero network appears as an “Open” network, preventing clients from connecting
- When attempting to connect to the eero network from a list of available wifi networks, the client device is unable to connect
- Client devices display an 'incorrect password' error when attempting to connect
- Client devices switch continuously between WPA2 and WPA3 and ask for the password every time
If you notice a device isn’t able to connect after turning on WPA3 or if you're seeing other symptoms mentioned above, you may need to update that device to the latest available software or use an updated device if available. We recommend contacting the device manufacturer for any devices that have difficulty connecting when WPA3 is enabled.
Known Problematic Devices
Below are some of the devices or software versions may have compatibility issues with WPA3.
- Devices using Apple iOS 12.2 (newer versions of iOS work correctly)
- Chamberlain MyQ Garage Door Opener
If you are a device maker and believe your above product now works with WPA3 transition mode, please email us at firstname.lastname@example.org.