wirelesssecuritynetwork-plusBeginner | Intermediate | Advanced27 min read

What Is Wi-Fi Protected Setup? Security Definition

Also known as: Wi-Fi Protected Setup, WPS, wireless security, CompTIA A+ wireless, Network+ security

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security

This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.

On This Page

Quick Definition

Wi-Fi Protected Setup, often shortened to WPS, is a feature that helps you connect devices like phones or printers to your Wi-Fi network without typing the long password. Instead, you can press a button on your router or enter a short code. It is meant to be quick and easy, but it can also create security risks. Many older routers have this feature, and certification exams test your knowledge of both how it works and why it is considered unsafe.

Must Know for Exams

Wi-Fi Protected Setup appears in several major certification exams, most notably CompTIA A+ and CompTIA Network+. In these exams, WPS is tested as part of the wireless networking and security domains. For CompTIA A+ (220-1101 and 220-1102), the term is found under the networking section, specifically objectives related to configuring wireless networks and understanding security settings on routers. For CompTIA Network+ (N10-008 and N10-009), WPS appears under Network Security, where candidates must understand common security threats and mitigation techniques. The exam expects you to know that WPS is a feature designed to simplify client configuration, that it has two modes (push button and PIN), and that the PIN method has a significant security vulnerability due to the way the PIN is validated.

In exam questions, WPS is often listed among a set of router settings. A typical question might show a configuration screen for a wireless router with several options enabled, and you must identify which setting poses a security risk. WPS is almost always the correct answer in such scenarios. Another common question format is a multiple-choice question where you are given a scenario: a user reports that a neighbor has accessed their home network without knowing the password, and you must recommend a solution. Disabling WPS is often the correct immediate action. The exam may also ask about the difference between WPS and more secure methods like 802.1X or WPA3. You should be prepared to explain that WPS is not considered secure for enterprise environments.

The exams also test your understanding of the WPS PIN vulnerability. You might see a question that asks: How many possible PIN combinations does an attacker need to test to crack a WPS PIN? The correct answer is approximately 11,000, not 100 million. This number comes from the fact that the PIN is split into two halves, with the last digit being a checksum. Some questions may ask you to identify the tool used to exploit WPS, such as Reaver. For the Networking+ exam, you might also encounter a troubleshooting question where a technician tries to connect a printer using WPS but it fails. The question may ask you to identify why the connection fails, such as the router having WPS disabled or the two-minute window expiring. Overall, WPS is a high-yield topic for exam preparation because it is a small, specific concept with clear vulnerabilities that exam writers frequently use to test security awareness.

Simple Meaning

Imagine you have a locked office building with a very secure front door that requires a long, complicated combination to enter. Every time a new employee arrives, you must give them that long combination, which takes time and can be easily mistyped. To make things faster, the building manager installs a special intercom system. When a new person arrives, they can press a button on the intercom next to the door, and the receptionist inside presses a matching button on their desk. The door unlocks for one minute, letting the new person in without needing the combination. That is essentially what Wi-Fi Protected Setup, or WPS, does for your wireless network.

WPS was created to solve a very real problem: typing long, complex Wi-Fi passwords on small screens like those on a smartphone, printer, or smart TV is tedious and error-prone. WPS offers two main methods to bypass that step. The most common method is the push button, where you physically press a button on your router and then select the WPS option on your device. The two devices then automatically exchange security information and connect. The other method uses a unique PIN, usually an eight-digit number printed on a sticker on the router. You enter this PIN on your device, and the router verifies it before allowing the connection.

While this sounds convenient, the security trade-off is significant. The PIN method, in particular, has a major flaw. The eight-digit PIN is actually checked in two halves, with the last digit being a checksum. This means a hacker only needs to guess the first four digits and then the remaining three, dramatically reducing the number of possible combinations. Using readily available software, an attacker can break the WPS PIN in a few hours or even minutes. Once they have the PIN, they can retrieve your actual Wi-Fi password and gain full access to your network. For this reason, many security experts strongly recommend disabling WPS on your router.

The push button method is somewhat safer because it requires physical access to the router to press the button, and the window for connection is very short. However, it is still not perfectly secure. If someone has physical access to your router, they could press the button without your knowledge. The main takeaway for learners is that WPS is an older convenience feature that has been largely abandoned for new, more secure connection methods like QR codes or Wi-Fi Easy Connect. In a certification context, you are expected to know the two modes of WPS, understand the vulnerability of the PIN method, and know that the recommended security practice is to disable WPS entirely.

Full Technical Definition

Wi-Fi Protected Setup (WPS) is a network security standard originally created by the Wi-Fi Alliance to simplify the process of connecting client devices to a wireless network. It was introduced in 2007 as an optional feature for Wi-Fi certified devices. The standard is formally defined in the Wi-Fi Simple Configuration (WSC) specification. WPS operates by automating the exchange of security credentials, specifically the Service Set Identifier (SSID) and the Pre-Shared Key (PSK), between an access point and a new client device. This automation eliminates the need for the user to manually enter the passphrase.

There are two primary methods of WPS operation: the Push Button Configuration (PBC) method and the Personal Identification Number (PIN) method. In the PBC method, the user initiates the process by pressing a physical or virtual button on the access point. The access point then enters a listening state for a short period, typically two minutes. During this time, the user initiates a WPS connection on the client device. Both devices use a Extensible Authentication Protocol (EAP) exchange, specifically EAP-WSC, to derive session keys and exchange the network credentials using a four-way handshake. This handshake is protected by Diffie-Hellman key exchange, which prevents an eavesdropper from capturing the credentials during the setup.

The PIN method involves an eight-digit numeric code that is either printed on a label on the router or generated by a software interface. The client device sends this PIN to the access point. The access point then verifies the PIN and, if correct, provides the network credentials. The critical weakness of the PIN method is how the PIN is validated. The eight-digit number is not verified as a single value. Instead, the access point checks the first four digits separately. If those are correct, it then checks the final four digits. The eighth digit is a checksum calculated from the first seven digits, which means an attacker effectively only needs to guess a 7-digit number, but in two separate stages. This reduces the total number of possible guesses from 100 million to 11,000 (10,000 for the first half, and 1,000 for the second half). A brute-force attack against a WPS PIN can succeed in under four hours with off-the-shelf hardware and tools like Reaver or Bully.

In real IT environments, WPS is often found enabled by default on consumer-grade and small office/home office (SOHO) routers. Enterprise access points typically do not support WPS due to its well-known vulnerabilities. Instead, enterprise environments use the 802.1X standard with a RADIUS server and Extensible Authentication Protocol (EAP) for secure client onboarding. For home networks, the recommended best practice is to disable WPS in the router's administrative interface. If a device must be connected without typing a password, more secure alternatives include using a QR code that encodes the Wi-Fi credentials or using a mobile app that shares the password securely. Wi-Fi Alliance has since introduced Wi-Fi Easy Connect (WPA3 SAE), which uses a more secure method called Device Provisioning Protocol (DPP) to authenticate devices without the vulnerabilities of WPS.

Real-Life Example

Think of a large apartment building with a secure main entrance. Traditionally, every new resident receives a physical key that fits the front door lock. This key is like the Wi-Fi password. Creating a copy of the key takes time, and if a resident loses their key, you have to worry about security. Now the building manager installs a new system: a small keypad next to the door. Every resident gets a unique, short PIN code, like 12345678. To enter, you type your PIN into the keypad, and the door unlocks. That is the WPS PIN method. It is convenient because you do not need a physical key, and new residents can get access by simply being given the PIN.

However, the building manager made a design error. The keypad does not check the whole 8-digit PIN at once. Instead, it first checks the first four digits. If you get those right, a small green light turns on, and then it checks the last four digits. This means a thief can stand near the keypad and try different combinations. They only need to get the first four right, wait for the green light, and then focus on the final four. It is much easier than guessing all eight digits at once. In fact, it makes the PIN many times weaker. This is exactly the vulnerability of the WPS PIN method. An attacker with a laptop and a software tool can brute-force the PIN because the router reveals when the first half of the PIN is correct.

Now imagine a different system: the push button method. In this version, to let a visitor in, you must walk to the front door and press a red button on the keypad. This button activates a one-minute window. While that window is open, any visitor in the lobby can press a matching button on their phone, and the door unlocks. This is the WPS push button method. It is safer than the PIN method because someone cannot guess the PIN from outside. However, it still has a risk. If a thief manages to get into the lobby while the resident is pressing the button, they can also press their phone button and sneak in. The physical access requirement reduces the risk, but it does not eliminate it entirely. Most homes and small offices use the push button method when they enable WPS, but enterprise security teams consider both methods too risky for production networks.

Why This Term Matters

In the real world of IT support and network administration, Wi-Fi Protected Setup is a classic example of a well-intentioned feature that became a security liability. For a help desk technician or a network administrator, understanding WPS is essential for several practical reasons. First, many users still have older routers at home or in small offices that have WPS enabled by default. When a user reports slow internet or strange devices appearing on their network, a quick check of the router's WPS status is often part of the troubleshooting process. An attacker who breaks the WPS PIN can not only steal bandwidth but also access network shares, printers, or other unsecured devices. Second, many entry-level IT professionals are asked to set up new routers for clients or coworkers. Part of that setup should be disabling WPS. Knowing why and how to disable it is a practical skill that distinguishes a competent technician from someone who just follows the default settings.

For network administrators in larger organizations, WPS is almost never used because enterprise-grade access points do not support it. However, the concept of WPS is still relevant because it highlights a fundamental tension in networking: convenience versus security. WPS was an attempt to make security easier for the average person, but it ultimately weakened security. This lesson applies to many other technologies, such as Universal Plug and Play (UPnP) or Remote Desktop Protocol (RDP) exposed to the internet. Therefore, learning about WPS teaches a broader principle: just because a feature is enabled by default or marketed as convenient does not mean it is safe to use.

Additionally, WPS is relevant for cybersecurity professionals who perform penetration testing or vulnerability assessments. When assessing a home or small business network, one of the first things a tester will check is whether WPS is enabled and if the PIN is vulnerable to brute-force attacks. Tools like Reaver are specifically designed to exploit this weakness. Understanding how these tools work and what they target requires a solid grasp of the WPS protocol. Finally, the transition from WPS to more modern standards like WPA3 and Wi-Fi Easy Connect is a current topic in the networking world. An IT professional who understands the past vulnerabilities can better appreciate the security improvements in the next generation of wireless technology.

How It Appears in Exam Questions

Exam questions about Wi-Fi Protected Setup generally fall into a few distinct categories: security risk identification, configuration questions, troubleshooting scenarios, and protocol understanding. In security risk identification questions, the exam presents a list of network settings or features and asks which one presents a security vulnerability. For example: A network technician notices that a home router has the following features enabled: DHCP, SSID broadcast, WPS, and MAC filtering. Which feature is the most significant security concern? The correct answer is WPS, especially if the question implies the PIN method is in use. The exam expects you to recognize that WPS, despite being a configuration aid, weakens overall network security.

Configuration questions might present a step-by-step process. For instance: A user wants to connect a new wireless printer to their home network using WPS. Which of the following steps should the user perform first? The answer is to press the WPS button on the router, then initiate WPS on the printer. Another configuration question might ask: Which of the following is the most secure method for connecting a new device to a wireless network? The options could include WPS PIN, WPS Push Button, manual password entry, and QR code scanning. The correct answer is manual password entry or QR code scanning, because WPS push button still has some risk and WPS PIN is highly vulnerable.

Troubleshooting questions are also common. A scenario might describe a technician who is trying to connect a client's smartphone to the office Wi-Fi using WPS. The technician presses the WPS button on the access point, but the connection fails. The question asks for the most likely cause. Possible answers include: the WPS button was not pressed within the two-minute window, the access point does not support WPS, the smartphone is not WPS-compatible, or WPS is disabled in the router settings. Another troubleshooting question might involve a user who reports that after enabling WPS, unknown devices are connecting to the network. The question might ask the technician to identify the cause, which is that the WPS PIN was brute-forced by an attacker.

Finally, there are protocol understanding questions. These are less common but still appear. A question might ask: What is the primary reason the WPS PIN method is considered insecure? The answer is that the PIN is validated in two halves, reducing the effective key space to about 11,000 possible combinations. Another question might ask: Which protocol is used during the WPS handshake? The answer is EAP (Extensible Authentication Protocol), specifically EAP-WSC. These questions test your deeper understanding of how WPS functions at the protocol level. To prepare for these questions, you should memorise the two methods of WPS, the specific vulnerability of the PIN method, the approximate number of guesses needed to crack the PIN, the tool name Reaver, and the recommended best practice of disabling WPS.

Practise Wi-Fi Protected Setup Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

Situation: Maria is an IT support technician at a small dental office. The office has a wireless router that was set up several years ago by a previous technician. The router is a standard consumer model, and all the default settings are still in place. The staff use the Wi-Fi for patient check-in tablets, a receptionist computer, and a wireless printer. Recently, the office manager noticed that the internet connection has become very slow, especially in the afternoons. Some staff members also report seeing a device named 'TV-5G' on the network, but no one in the office owns such a device.

Maria decides to investigate. She logs into the router's administration interface using the default password, which was never changed. She navigates to the wireless settings page and notices that 'Wi-Fi Protected Setup' is enabled and set to the PIN method. The PIN is still the default eight-digit number printed on the router's sticker. Maria realizes this is the most likely source of the problem. Someone outside the office, perhaps in the shared building or a nearby apartment, has used a tool like Reaver to brute-force the WPS PIN and gain access to the network. Once inside, that person is using the bandwidth for streaming or downloading, slowing down the network for everyone else.

Application: Maria now understands how Wi-Fi Protected Setup works. She knows that the WPS PIN method is extremely vulnerable because the router validates the PIN in two halves. An attacker only needs to guess the first four digits, get a confirmation, and then guess the last three digits (the eighth digit is a checksum). This reduces the number of attempts from ten million to just eleven thousand. With automated tools, this can be done in a few hours. Maria's first action is to disable WPS entirely in the router settings. She also changes the Wi-Fi password and updates the router's firmware. Finally, she schedules to replace the old router with a newer model that supports WPA3, which does not have the same WPS vulnerability. By understanding WPS, Maria solved the security breach and restored the office's network performance.

Common Mistakes

Believing that WPS is a completely secure method for connecting devices.

WPS, especially the PIN method, has a well-known and critical vulnerability that allows attackers to brute-force the PIN in hours. It is not considered secure for any network where security matters.

Always treat WPS as a convenience feature with significant security risks. The best practice is to disable it and use manual password entry or more secure methods like QR codes or WPA3 SAE.

Thinking that the WPS PIN is an 8-digit code that must be guessed all at once with 100 million possible combinations.

The WPS PIN is not validated as a single 8-digit number. It is checked in two halves, and the eighth digit is a checksum. This reduces the effective combinations to about 11,000.

Remember the vulnerability: the first four digits are checked separately from the last three (the eighth is a checksum). This is why a PIN that seems long is actually very weak.

Assuming that the push button method is completely safe because it requires physical access.

While the push button method is safer than the PIN method, it is not perfect. An attacker with physical access to the router could press the button. Also, if the button is pressed accidentally or without the owner's knowledge, any device in range could connect during the two-minute window.

Treat the push button method as a last resort for connecting a device. Disable WPS entirely unless you absolutely need it for a legacy device, and even then, disable it immediately after connecting that device.

Confusing WPS with WPA, WPA2, or WPA3 security protocols.

WPS is a setup mechanism, not a security encryption protocol. WPA, WPA2, and WPA3 are the encryption standards that protect the data on the wireless network. WPS helps a device get the password and connect, but the actual security of the data depends on WPA/WPA2/WPA3.

Think of WPS as a method to hand the keys to a new person, while WPA/WPA2/WPA3 are the locks on the doors. A weak handing-over method can compromise even the best lock.

Believing that all routers with WPS are automatically vulnerable and need to be replaced immediately.

The vulnerability exists in the WPS feature itself, but not all routers have the feature enabled by default. Many modern routers have already disabled WPS or offer a firmware update that disables it. The security risk is from using WPS, not from the mere presence of the feature.

Check the router settings. If WPS is disabled, the router is not vulnerable through this attack. Only enable WPS if you have a very specific need, and prefer the push button method over the PIN method.

Exam Trap — Don't Get Fooled

A question presents a scenario where a user wants to connect a new wireless printer using WPS. The question then asks what the user should do first. The trap option suggests entering the WPS PIN found on the router into the printer.

Another trap option suggests entering the Wi-Fi password into the printer. Remember that the most common WPS method is the push button method. The user should press the WPS button on the router first.

Then on the printer, they select the WPS option. The PIN method is secondary and often has a specific label on the router. When you see WPS in a question, think 'button push' before 'PIN entry'.

Commonly Confused With

Wi-Fi Protected SetupvsWPA (Wi-Fi Protected Access)

WPA is a security protocol that encrypts your wireless data, while WPS is a feature that helps you connect new devices to the network. WPA protects the information you send over Wi-Fi, while WPS is only about the setup process. They are not interchangeable.

You need WPA to keep your Wi-Fi traffic secure, just like you need a strong lock on your door. WPS is like a special key service that makes copies of your key, but it may make copies for people who should not have them. Without WPA, WPS does not work, but WPS is not required for WPA to function.

Wi-Fi Protected SetupvsQR Code Wi-Fi Sharing

QR code Wi-Fi sharing is a modern, secure way to connect devices. The network password is encoded in a QR code that you scan with a camera. WPS is an older technology that uses a button or PIN. QR code sharing does not have the WPS PIN vulnerability and is generally preferred for modern networks.

If you want a guest to connect to your Wi-Fi, you can show them a QR code on your phone. They scan it, and they are connected. With WPS, you would need to press a button on your router or give them a PIN that could be cracked by a neighbor.

Wi-Fi Protected Setupvs802.1X

802.1X is a port-based authentication standard used in enterprise networks, often requiring a username and password or certificate. WPS is a home-user convenience feature. 802.1X is very secure and uses a RADIUS server, while WPS has a well-known vulnerability and is not used in professional environments.

In a large company, an employee connects to Wi-Fi by entering their corporate username and password. That is 802.1X. At home, a person might press a button on their router to connect a new printer. That is WPS. One is for big, secure networks; the other is for quick home use.

Wi-Fi Protected SetupvsWPA3 SAE (Simultaneous Authentication of Equals)

WPA3 SAE is the newest Wi-Fi security standard that replaces WPA2. It includes a more secure way to set up connections called Wi-Fi Easy Connect (DPP). WPS is an older standard from the WPA2 era. WPA3 SAE is not vulnerable to the same offline brute-force attacks that affect WPS.

WPA3 SAE is like a modern bank vault with multiple locks and alarms. WPS is like a simple lock that uses a code that can be guessed easily. Upgrading your network to WPA3 is like replacing the old lock with a much stronger one that does not rely on a vulnerable setup process.

Step-by-Step Breakdown

1

Initiating the Connection

The user decides to connect a new wireless device to the network. For WPS to work, the router must have WPS enabled, and the device must support WPS. The user chooses either the push button or PIN method.

2

Activating the Access Point (AP) for WPS

For the push button method, the user physically presses the WPS button on the router. For the PIN method, the user notes the 8-digit PIN printed on the router label. The router then enters a listening state, usually for two minutes, during which it will accept WPS connection requests.

3

Device Initiates WPS Handshake

On the client device (like a printer or phone), the user selects the WPS option. The device then sends a probe request using the Extensible Authentication Protocol (EAP-WSC) to the access point, indicating it wants to use WPS.

4

Exchange of Credentials

If using the push button method, the access point and client device negotiate session keys using Diffie-Hellman key exchange. If using the PIN method, the client sends the PIN to the AP, which verifies it. Once verified, the AP sends the network SSID and Pre-Shared Key (the Wi-Fi password) to the client in an encrypted message.

5

Client Connects Using Standard Four-Way Handshake

After receiving the network password, the client device disconnects from the WPS session and reconnects to the network using the standard WPA2 or WPA3 four-way handshake. The device is now connected to the Wi-Fi network and can access the internet.

6

WPS Session Expires

The router's WPS listening mode times out after the two-minute window. If no device successfully completes the process, the router stops accepting WPS requests. This prevents accidental or malicious connections from outside the immediate setup period.

Practical Mini-Lesson

Wi-Fi Protected Setup is a feature you will likely encounter when working with consumer-grade routers in home or small office environments. As an IT professional, your approach to WPS should be straightforward: disable it. However, you must also know how to use it temporarily if a legacy device requires it, and how to recognize when it has been exploited. Let us go through a practical workflow.

First, when you are setting up a new router, always log into the administration interface before connecting it to the internet. Navigate to the wireless settings section. Look for an option labelled 'WPS', 'Wi-Fi Protected Setup', or sometimes 'Quick Setup'. Change the setting to 'Disabled' or 'Off'. This is a fundamental security hardening step. Many routers have WPS enabled by default. If you skip this step, you are leaving a door open for attackers. On some routers, disabling WPS also requires you to specifically disable the PIN method, as the push button method may be separate. Ensure both are turned off.

Second, if you must use WPS for a device that cannot accept a password manually, such as some older wireless printers or cameras, use the push button method only. Never use the PIN method. Press the button on the router, then initiate WPS on the device. As soon as the device connects, immediately log back into the router and disable WPS. This minimizes the window of vulnerability. The device remains connected because it already has the password, so turning off WPS does not break its connection.

Third, when troubleshooting a network that has been compromised, always check the router's WPS status. If it is enabled, especially with the PIN method, that is likely the attack vector. Look in the router logs for multiple failed WPS PIN attempts. You might also see an unusually high number of devices in the router's DHCP client list. If you suspect WPS has been cracked, change the Wi-Fi password and disable WPS immediately. Then, educate the end user about the risks.

Finally, know your tools. On the exam and in the field, Reaver is the most common tool used to exploit WPS PIN vulnerabilities. You do not need to know how to use Reaver, but you should know that it exists and what it targets. The broader concept here is defense in depth. WPS is a single feature that can undermine all other security measures like strong passwords and encryption. By understanding this one small setting, you protect the entire network. In your future career, you will apply this same logic to many other features that trade security for convenience.

Memory Tip

Think of WPS as 'Weak Password Shortcut'. The 'S' stands for Setup, but remember it as 'Shortcut', because it shortcuts security. If you see WPS in an exam question, immediately think 'security risk, especially PIN method, disable it'.

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Legacy Exam Context

Older materials may mention these exam versions, but learners should use the current objectives for their target exam.

N10-008N10-009(current version)

Related Glossary Terms

Frequently Asked Questions

Should I enable WPS on my home router?

No, the best security practice is to disable WPS on your router. The convenience is not worth the security risk, especially with the PIN method which can be cracked in hours.

What is the difference between WPS and WPA?

WPA (Wi-Fi Protected Access) is the encryption protocol that secures your wireless data. WPS is a setup feature that helps you connect devices to the network. WPA protects the data; WPS just hands out the password.

Is the WPS push button method safe?

The push button method is safer than the PIN method because it requires physical access to the router. However, it is not completely safe. If someone can physically reach the router, they could press the button without your knowledge. It is still recommended to disable WPS entirely.

How can I tell if my router has WPS enabled?

Log into your router's administration interface using a web browser. Look for a section called 'Wireless' or 'Security', and then find an option labeled 'WPS' or 'Wi-Fi Protected Setup'. If it says 'Enabled', you can change it to 'Disabled'.

Why is the WPS PIN considered so weak?

The PIN is checked in two halves. The router first checks only the first four digits, then the last four digits (with the eighth digit being a checksum). This reduces the number of possible guesses from 100 million to about 11,000, which can be tried in a few hours.

Does WPA3 have the same WPS vulnerability?

No, WPA3 uses a different, more secure connection method called Wi-Fi Easy Connect (Device Provisioning Protocol, DPP) and does not support the older WPS standard. WPA3 eliminates the WPS PIN vulnerability.

What tool do attackers use to crack WPS?

The most commonly used tool is called Reaver. It automates the process of brute-forcing the WPS PIN by exploiting the way the PIN is validated in two halves. You do not need to know how to use it, but you should know it exists for exam purposes.

Summary

Wi-Fi Protected Setup (WPS) is a feature designed to simplify the connection of devices to a wireless network, but it introduces a significant security vulnerability. The feature operates in two modes: the push button method, which requires physical access and is moderately safe, and the PIN method, which is critically flawed because the eight-digit PIN is validated in two halves, making it easy to brute-force. For certification exams like CompTIA A+ and Network+, you must understand that WPS is a security risk, know the two methods, and recognize the correct number of PIN combinations an attacker must test.

In real-world IT work, the best practice is to disable WPS on all routers, especially in home and small office environments. If you must use it for legacy devices, use the push button method only and disable it immediately after connecting the device. Remember that WPS is not a security protocol like WPA or WPA2; it is only a setup mechanism.

By mastering this small but important topic, you will be prepared for exam questions and able to improve network security in practice.