Introduction
Wi-Fi has evolved through several IEEE 802.11 amendments, each improving speed, range, or efficiency. Alongside these speed improvements, Wi-Fi security has evolved separately through a series of encryption and authentication protocols: WEP, WPA, WPA2, and WPA3. Knowing both the performance generations and the security generations is essential for configuring networks correctly and avoiding badly outdated, insecure setups.
Cricket analogy: Wi-Fi speed generations are like cricket's evolving bat technology getting more powerful decade by decade, while security protocols are like the sport's separate evolution of anti-corruption measures (WEP, WPA, WPA2, WPA3), and a team needs to track both the bat tech and the integrity rules to avoid an embarrassing setup.
Explanation
Common 802.11 generations include: 802.11a (1999, 5 GHz, up to ~54 Mbps), 802.11b (1999, 2.4 GHz, up to ~11 Mbps), 802.11g (2003, 2.4 GHz, up to ~54 Mbps), 802.11n / Wi-Fi 4 (2009, 2.4/5 GHz, up to ~600 Mbps with MIMO), 802.11ac / Wi-Fi 5 (2013, 5 GHz, up to several Gbps with wider channels and MU-MIMO), and 802.11ax / Wi-Fi 6 / 6E (2019+, 2.4/5/6 GHz, multi-Gbps with OFDMA and improved efficiency in dense environments). Each generation raised theoretical maximum speeds and improved spectral efficiency, but actual throughput depends heavily on interference, distance, and the number of connected clients.
Cricket analogy: 802.11a/b/g are like cricket's early ODI era with limited over-rates, 802.11n/Wi-Fi 4 is like T20's introduction boosting scoring pace, and 802.11ac/ax (Wi-Fi 5/6) are like the modern Big Bash era with multiple simultaneous matches (MU-MIMO) squeezing more action into less time, though a packed stadium still slows things down.
Security has followed a separate track. WEP (Wired Equivalent Privacy) was the original Wi-Fi encryption scheme but is now considered completely broken — its RC4-based implementation and short, static keys can be cracked in minutes with widely available tools, so it should never be used. WPA (Wi-Fi Protected Access) was a stopgap that used TKIP to patch WEP's weaknesses on existing hardware but is also now considered insecure and deprecated. WPA2 introduced CCMP encryption based on AES, a much stronger cipher, and is still widely deployed and reasonably secure for personal/home use, though its WPA2-Personal (PSK) mode is vulnerable to offline dictionary attacks against weak passphrases, and it suffered from the KRACK vulnerability (patchable via updates). WPA3 is the current standard, replacing the PSK handshake with SAE (Simultaneous Authentication of Equals), which resists offline dictionary attacks, and mandating stronger encryption; it is the most secure option today and should be preferred when supported by both router and client.
Cricket analogy: WEP is like an old, easily-picked pavilion lock anyone can bypass in minutes, WPA is a patched-up lock that's still weak, WPA2 is a solid modern padlock (AES) though a weak combination (passphrase) can still be guessed, and WPA3's SAE is like a biometric lock that resists brute-force guessing entirely.
Example
# Rough guide to picking Wi-Fi security when configuring a router
def recommended_security(supports_wpa3):
if supports_wpa3:
return "WPA3-Personal (or WPA2/WPA3 mixed mode for compatibility)"
else:
return "WPA2-Personal (AES-CCMP) -- never WEP or WPA/TKIP"
print(recommended_security(supports_wpa3=True))
# -> WPA3-Personal (or WPA2/WPA3 mixed mode for compatibility)Analysis
The practical takeaway is that speed standards (a/b/g/n/ac/ax) and security standards (WEP/WPA/WPA2/WPA3) are independent axes: a router can support the newest 802.11ax speeds while still being misconfigured with obsolete WEP security, which would be a serious mistake. Because WEP and WPA/TKIP are broken or deprecated, any network still using them should be treated as effectively unencrypted from a determined attacker's perspective. WPA2-AES remains acceptable when WPA3 is unavailable, but WPA3 should be the default choice on new hardware, and mixed WPA2/WPA3 transition modes exist to support older client devices while pushing capable devices to the stronger protocol.
Cricket analogy: A team can field the fastest bowlers in the world (802.11ax speed) yet still play under outdated, corrupt umpiring rules (WEP), which would be a serious mistake, so groundstaff should default to modern, well-officiated conditions (WPA3) with WPA2 as an acceptable fallback and a transition setup for older gear.
Key Takeaways
- 802.11 generations roughly increase in speed: a/g (~54 Mbps) < n/Wi-Fi 4 (~600 Mbps) < ac/Wi-Fi 5 (multi-Gbps) < ax/Wi-Fi 6/6E (higher multi-Gbps, better efficiency in dense networks).
- WEP is broken and must never be used; WPA (TKIP) is deprecated and insecure by modern standards.
- WPA2 (AES-CCMP) is still acceptable but has known weaknesses (weak-passphrase dictionary attacks, KRACK).
- WPA3 (SAE) is the current strongest standard and resists offline dictionary attacks against the handshake.
Practice what you learned
1. Which Wi-Fi security protocol is considered completely broken and should never be used?
2. What encryption scheme does WPA2 use that WEP lacked?
3. What does WPA3's SAE handshake improve over WPA2-Personal's PSK handshake?
4. Which of these correctly orders 802.11 generations from oldest/slowest to newest/fastest (approximately)?
Was this page helpful?
You May Also Like
Wireless Networking Basics
How devices communicate over radio waves instead of cables, and why wireless networks need collision avoidance rather than detection.
Network Security Basics
Learn the core principles that keep networks safe: confidentiality, integrity, availability, and the controls that enforce them.
Common Network Attacks
Recognize how common network attacks like DoS, MITM, ARP spoofing, DNS spoofing, and port scanning work — and how to defend against them.