

Vangie Beal
Last Updated August 4, 2022 4:14 am

The term WPA2-PSK refers to Wi-Fi Protected Access 2 - Pre-Shared Key, or WPA2-Personal, which is used to protect network access and data transmission by using an AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol) encryption method. It is designed for home users and small offices to protect their network without an enterprise authentication server. The user can encrypt a network with WPA2-PSK by providing a plain-English passphrase between eight and 63 characters long.

How does WPA2-PSK work?

To encrypt a network with WPA2-PSK, you provide your router not with an encryption key but with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP (Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client, and those encryption keys are constantly changed. Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually composed of the hex characters 0-9 and A-F.

Evolution of Wireless Network Security Protocol

Security is a significant consideration when transmitting data over a wireless network. Insecure transmission of data may lead to the installation of malware, data loss, theft of account credentials, and more. Therefore, it's essential to understand the evolution of the basic wireless security standards and their specifications, including WEP, WPA, WPA2, WPA3, TKIP, and AES, before coming to WPA2-PSK.


Wired Equivalent Privacy, or WEP, was introduced in 1997 as the first security standard for wireless networks. It uses a 64- or 128-bit key written in hexadecimal, and the key is static: a single key encrypts all data regardless of device. WEP makes the data uninterpretable to intruders. However, some systems were developed to decrypt the data, which led to the origin of WPA.


Due to the vulnerabilities of WEP, the Wi-Fi Alliance made revisions to WEP over time and came up with WPA, or Wi-Fi Protected Access, in 2003. WPA is based on TKIP, which uses 128-bit keys for each data packet along with Message Integrity Checks (MIC). This makes it difficult for intruders to decrypt the data; however, weaknesses in some WPA elements still made decryption possible for intruders.


Although WPA2, based on a Robust Security Network (RSN), was introduced in 2004, it didn't become mandatory for all new wireless devices until 2006. The main difference between WPA2 and WPA is the use of CCMP, or Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, which uses AES algorithms. AES uses a key length of 128, 192, or 256 bits. Therefore, it's unbreakable even by brute force. WPA2 has two modes: WPA2-PSK and WPA2-Enterprise.


As the third iteration of WPA, WPA3 was introduced in 2018, and its enterprise version uses AES 256-bit in GCM (Galois/Counter Mode) along with SHA-384 (Secure Hash Algorithm) instead of MAC in WPA2. It also replaces PSK with SAE (Simultaneous Authentication of Equals), with AES-128 as the minimum encryption algorithm.


TKIP increases the key length up to 128 bits and creates a unique 48-bit serial number for each data packet, which prevents collision attacks. TKIP also helps to reduce the risk of replay attacks, as the 48-bit serial number takes thousands of years to repeat. However, it's vulnerable to attackers, as they only need an authentication key.


AES uses the CCMP protocol, and it encrypts plaintext into ciphertext instead of using stream ciphers. It supports a key length of up to 256 bits, which makes it more difficult for hackers to decrypt the data.

Different WPA2-PSK security options based on the use of encryption method


WPA2-PSK (TKIP) is a WPA2-PSK wireless security standard with the TKIP encryption method along with CCMP. It generates encryption keys by using a pre-shared key and an SSID (Service Set Identifier). Even though it’s not a completely secure protocol, it’s possible to connect with older devices that can’t connect with the latest WPA2-PSK (AES).


WPA2-PSK (AES) is the most secure personal version of WPA2, and it uses the latest AES encryption method. It uses long passwords to secure data and offers a more secure network for home users. However, users with old hardware may experience reduced network performance, as WPA2 needs more processing power to safeguard their networks.


WPA2-PSK (TKIP/AES) is often used by those whose systems do not support AES. With WPA2-PSK (TKIP/AES), users may take more time to transmit data than with WPA2-PSK (AES), which may lead to low productivity.

How does WPA2-PSK work?

WPA2-PSK encrypts the data by using a router with a long passphrase of eight to 63 characters. The TKIP encryption method of WPA2-PSK also requires a network SSID along with a passphrase to generate encryption keys that are unique for each wireless client.

While using WPA2-PSK (AES), the user generates a password to connect with the router, and the user can connect to WLAN when the router identifies the user by matching the password.

WPA2-PSK encryption can secure the data that is transmitted between the router and the network device through a wireless connection.
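
The key derivation described in both "How does WPA2-PSK work?" sections, as an added example that is not code from this page: IEEE 802.11i turns the passphrase and SSID into a 256-bit master key with PBKDF2-HMAC-SHA1, and the 4-way handshake then mixes in both MAC addresses and both nonces so that each client gets its own session keys. The function names, MAC addresses, nonces, passphrase and SSID below are constructed sample values.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase + SSID -> 256-bit pairwise master key (PMK)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrase must be 8 to 63 characters")
    # The SSID is the salt: the same passphrase yields a different PMK per network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """PMK + handshake inputs -> per-session key block (48 bytes for CCMP)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def split_ptk(ptk: bytes) -> dict:
    """KCK authenticates handshake frames, KEK wraps the group key, TK encrypts data."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (real nonces are random, chosen fresh per handshake).
AP_MAC = bytes.fromhex("020000000001")
CLIENT_A = bytes.fromhex("0200000000aa")
CLIENT_B = bytes.fromhex("0200000000bb")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE_A = hashlib.sha256(b"constructed snonce A").digest()
SNONCE_B = hashlib.sha256(b"constructed snonce B").digest()

if __name__ == "__main__":
    pmk = derive_pmk("correct horse battery", "HomeNet")
    for name, mac, snonce in (("A", CLIENT_A, SNONCE_A), ("B", CLIENT_B, SNONCE_B)):
        keys = split_ptk(derive_ptk(pmk, AP_MAC, mac, ANONCE, snonce))
        print(f"client {name}: TK = {keys['TK'].hex()}")
    # Same passphrase on a different SSID gives an unrelated master key.
    print(derive_pmk("correct horse battery", "OfficeNet") != pmk)
```

Every client derives the same master key from the passphrase and SSID, so the strength of the whole network rests on the passphrase; the per-client uniqueness comes only from the handshake inputs.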

Advantages of using WPA2-PSK

  • Provides an added layer of protection by using the AES encryption protocol.
  • Eliminates the risk of using a shared password.
  • Supports TKIP and AES protocols; therefore, both old and new devices can use this wireless security standard.

Can WPA2-PSK be hacked?

Like all other wireless security standards, WPA2-PSK isn't 100% secure against hacking. When the user tries to connect to a wireless network, the device must go through the 4-way handshake, a process of exchanging authentication messages between the user and the access point to generate encryption keys. During this process, hackers can easily get the password by using the software or hardware tools available.

Which is more secure, WPA-PSK or WPA2-PSK?

  • WPA2-PSK offers a high-speed network connection.
  • WPA2-PSK is a hardware security module, whereas WPA-PSK is a software security module. 
  • WPA2-PSK uses modern security standard WPA2 along with TKIP or AES encryption protocol, whereas WPA-PSK can only use TKIP encryption protocol.
  • WPA2-PSK uses longer passwords than WPA-PSK and, therefore, is more secure. 
