Network+Beginner15 min read

What Does WPS Mean?

Also known as: Wi-Fi Protected Setup

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security

This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.

On This Page

Quick Definition

Wi-Fi Protected Setup (WPS) is a network security standard designed to make it easier for users to connect devices to a secure Wi-Fi network without manually entering a long, complex pre-shared key (PSK). It was introduced by the Wi-Fi Alliance in 2006 to address the usability challenge of WPA/WPA2 security. WPS supports several methods for establishing a connection, including a push-button configuration (PBC) where the user presses a physical or virtual button on both the router and the client device, and a PIN method where an eight-digit PIN printed on the router label is entered on the client. The PIN method, however, contains a severe design flaw: the eighth digit is a checksum, and the remaining seven digits are validated in two halves, making it possible for an attacker to brute-force the PIN in a matter of hours using tools like Reaver. Because of this vulnerability, security experts strongly recommend disabling WPS on all routers. The push-button method is more secure but still susceptible to physical access attacks. WPS operates at the Data Link layer (Layer 2) of the OSI model and is defined in the Wi-Fi Simple Configuration specification.

Must Know for Exams

The CompTIA Network+ exam (N10-008) covers WPS primarily in the context of network security and wireless networking. Specifically, it falls under Objective 2.4 (Compare and contrast wireless networking protocols) and Objective 4.

1 (Explain common security concepts). Exam focus areas include: 1) The two main WPS methods—Push Button and PIN—and their relative security. Candidates must know that PIN is vulnerable to brute-force attacks.

2) The exact vulnerability: the eight-digit PIN is split into two halves (first four digits and last three digits, with the eighth digit as a checksum), reducing the keyspace to 11,000 possibilities. 3) The recommended security practice: disable WPS entirely, especially the PIN method. 4) The fact that WPS is not supported in WPA3, which uses SAE instead.

5) The operational impact: WPS can be used for headless devices like printers but should be disabled after initial setup. Questions may also ask about the attack tool Reaver, which exploits WPS PIN. Additionally, candidates should understand that WPS operates at Layer 2 and does not require IP configuration.

A common exam trap is confusing WPS with WPA2-PSK or thinking that WPS is a security protocol rather than a configuration convenience. The exam expects you to identify that WPS is a vulnerability, not a security feature.

Simple Meaning

Imagine you have a locked diary with a combination lock. Normally, to open it, you have to carefully dial each number of the combination—this is like typing in a long Wi-Fi password. WPS is like a secret shortcut: instead of dialing the whole combination, you can press a magic button on the diary and it unlocks instantly for a friend.

That is the push-button method—easy and fast. But there is also a second shortcut: a small sticker on the diary with a simple 8-digit code. If someone sees that sticker, they can enter the code and open the diary.

The problem is that this code is not as secure as it seems—it is actually easy for a thief to guess by trying only a few thousand possibilities, not millions. So while the magic button is reasonably safe if you watch it, the code sticker is a huge security risk. That is why many security experts say you should remove the sticker (disable WPS) and just use the combination lock (type the password) instead.

Full Technical Definition

Wi-Fi Protected Setup (WPS) is a network security standard developed by the Wi-Fi Alliance to simplify the process of connecting client devices to a Wi-Fi network secured with WPA or WPA2. It is formally specified in the Wi-Fi Simple Configuration (WSC) protocol. WPS operates primarily at the Data Link layer (Layer 2) of the OSI model, as it involves the exchange of Extensible Authentication Protocol (EAP) messages encapsulated in 802.

11 management frames. The standard defines four connection methods: Push Button Configuration (PBC), PIN entry, Near-Field Communication (NFC), and USB flash drive. The most common implementations are PBC and PIN.

In PBC, the user presses a button on the access point (AP) and then a button on the client within a two-minute window; the devices then exchange credentials using Diffie-Hellman key exchange and WPA2-PSK is automatically configured. The PIN method requires the user to enter an eight-digit PIN, typically printed on a label on the router. The PIN is validated using a two-part challenge: the first four digits are verified separately from the last three digits (the eighth digit is a checksum).

This reduces the effective keyspace from 10^8 to 10^4 + 10^3 = 11,000 possibilities, making it vulnerable to brute-force attacks. Tools such as Reaver and Bully can recover the PIN in 2-10 hours. Once the PIN is known, the attacker can extract the WPA2-PSK passphrase.

WPS does not operate at the Network layer (Layer 3) and does not involve IP addressing. Compared to alternatives like manually entering a 63-character WPA2 passphrase, WPS offers convenience at the cost of security. The Wi-Fi Alliance deprecated the PIN method in 2011, but many routers still support it by default.

WPS is not compatible with WPA3, which uses Simultaneous Authentication of Equals (SAE) and does not include WPS.

Real-Life Example

Consider a small business, 'Bean There Coffee,' that offers free Wi-Fi to customers. The owner, Maria, uses a consumer-grade router with WPS enabled. She sets up a new printer in the back office that needs to connect to the Wi-Fi.

Instead of typing the long WPA2 passphrase on the printer's tiny display, she walks to the router, presses the physical WPS button, and then presses the WPS button on the printer. Within 30 seconds, the printer is connected. This is convenient for Maria.

However, an attacker sitting in the coffee shop with a laptop and a USB Wi-Fi adapter can run Reaver against the router's WPS PIN. Because Maria never disabled WPS PIN authentication, the attacker captures the PIN in about 4 hours. With the PIN, the attacker extracts the WPA2 passphrase and gains full access to the network, potentially intercepting customer traffic or accessing the point-of-sale system.

Maria later discovers the breach during a security audit. The lesson: the convenience of WPS PIN led to a serious security incident. Maria now disables WPS entirely and uses a strong passphrase with a dedicated guest network.

Why This Term Matters

For IT professionals, understanding WPS is critical because it represents a classic trade-off between usability and security. Many enterprise-grade access points still ship with WPS enabled by default, and technicians must know to disable it during initial configuration. In troubleshooting scenarios, a user who cannot connect a device may have WPS enabled but misconfigured, or the WPS button may be stuck.

On the Network+ exam, questions about WPS often test the candidate's knowledge of its vulnerabilities and the recommended security posture. Knowing that WPS PIN is easily brute-forced and should be disabled is a key fact. This knowledge also translates to real-world security hardening—disabling WPS is a quick win that significantly reduces attack surface.

For career growth, demonstrating awareness of such vulnerabilities shows employers that you prioritize security best practices.

How It Appears in Exam Questions

WPS appears in Network+ questions in several patterns. Pattern 1: 'A technician is configuring a wireless network and wants to simplify device connections. Which of the following should be disabled to improve security?'

The correct answer is 'WPS PIN' or 'WPS' (depending on options). Wrong answers often include 'SSID broadcast,' 'DHCP,' or 'MAC filtering.' Pattern 2: 'An attacker uses a tool to recover a wireless passphrase in a few hours.

Which vulnerability is being exploited?' The correct answer is 'WPS PIN brute-force.' Wrong answers include 'WEP weak IVs,' 'Evil twin,' or 'Rogue AP.' Pattern 3: 'Which of the following wireless security methods is most susceptible to brute-force attacks?'

The correct answer is 'WPS PIN.' Wrong answers include 'WPA2-PSK with a strong passphrase,' 'WPA3-SAE,' or '802.1X.' Pattern 4: 'A user reports that a new printer cannot connect to the Wi-Fi.

The technician presses a button on the router and then on the printer, and the connection succeeds. Which technology was used?' The correct answer is 'WPS Push Button.' Wrong answers include 'Bluetooth pairing,' 'NFC,' or 'Ad-hoc mode.'

To identify the correct answer, look for keywords like 'button,' 'PIN,' 'eight-digit,' or 'brute-force.'

Practise WPS Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

Step 1: You buy a new wireless printer for your home office. The printer has a small screen but no keyboard—typing a 20-character Wi-Fi password would be tedious. Step 2: You locate the WPS button on your router.

It is often labeled with a symbol of two arrows forming a circle. Step 3: You press the WPS button on the router. The router's WPS LED starts blinking, indicating it is in discovery mode for two minutes.

Step 4: Within that two-minute window, you press the WPS button on the printer. The printer scans for WPS-enabled access points. Step 5: The router and printer exchange credentials automatically using Diffie-Hellman key exchange.

The printer receives the WPA2 passphrase and connects to the network. The whole process takes about 30 seconds. Step 6: You verify the printer is connected by printing a test page.

The convenience is obvious, but you also remember to disable WPS PIN in the router settings to prevent future attacks.

Common Mistakes

Students think WPS is a security protocol that encrypts data, like WPA2.

WPS is not an encryption protocol; it is a configuration convenience that automates the distribution of pre-shared keys. It does not encrypt data itself—it relies on WPA/WPA2 for encryption.

Remember: WPS is about setup, not security. It helps you connect, not protect.

Students believe the eight-digit PIN is secure because it has 100 million combinations.

The PIN is not validated as a single 8-digit number. It is split into two halves (first 4 digits and last 3 digits, with the 8th digit as a checksum), reducing the search space to 11,000 attempts.

Think '11,000' not '100 million.' The split halves make it weak.

Students think disabling WPS means you cannot use push-button configuration.

Disabling WPS typically disables both PIN and PBC methods. Some routers allow disabling PIN only, but the safest practice is to disable WPS entirely.

On the exam, 'disable WPS' is the correct answer for improving security, regardless of method.

Exam Trap — Don't Get Fooled

{"trap":"The most dangerous trap is that candidates see 'WPS' and think it is a secure alternative to typing a password, so they choose 'WPS is more secure than WPA2-PSK' as the correct answer. In reality, WPS is a vulnerability, not a security enhancement.","why_learners_choose_it":"The name 'Wi-Fi Protected Setup' sounds official and secure.

Learners associate 'Protected' with security, and they know that typing a long password is inconvenient, so they assume the automated method must be better. The exam exploits this trust in the name.","how_to_avoid_it":"Apply the 'PIN test': if the question mentions an eight-digit PIN or a button for easy setup, the answer is almost always about vulnerability or the need to disable it.

Never choose WPS as a security feature—always treat it as a risk."

Commonly Confused With

WPSvsWPA2-PSK

WPA2-PSK is the encryption protocol that secures the wireless data using a pre-shared key. WPS is a mechanism to distribute that key automatically. WPA2-PSK provides confidentiality; WPS provides convenience. They are complementary but distinct.

You use WPS to automatically send the WPA2-PSK passphrase to a printer, but the actual encryption of data is done by WPA2-PSK.

WPSvsWPA3-SAE

WPA3-SAE (Simultaneous Authentication of Equals) is the successor to WPA2 and uses a secure handshake resistant to offline dictionary attacks. WPS is not supported in WPA3. SAE eliminates the need for WPS by providing a more secure and user-friendly connection process.

A WPA3 network does not have a WPS button; instead, it uses SAE to securely connect devices without a vulnerable PIN.

Step-by-Step Breakdown

1

Step 1 — Initiation

The user initiates WPS on the access point (AP) by pressing a physical button or enabling it via the web interface. The AP enters a 'listening' state for up to two minutes, broadcasting WPS Information Elements (IEs) in beacon frames.

2

Step 2 — Client Discovery

The client device (e.g., printer) also activates WPS, either by pressing its own button or selecting WPS in its settings. The client scans for APs broadcasting WPS IEs and selects the one with the matching session.

3

Step 3 — Credential Exchange

The AP and client perform a Diffie-Hellman key exchange to establish a secure tunnel. Over this tunnel, the AP sends the network SSID and WPA2-PSK passphrase to the client. The client acknowledges receipt.

4

Step 4 — Configuration

The client configures its wireless interface with the received SSID and passphrase. It then attempts to associate and authenticate with the AP using standard WPA2-PSK procedures.

5

Step 5 — Connection Established

The client successfully connects to the Wi-Fi network. The WPS session ends. The AP may flash a success indicator. The user can now use the device on the network without ever typing the password.

Practical Mini-Lesson

Wi-Fi Protected Setup (WPS) is a convenience feature that automates the connection of devices to a Wi-Fi network. It was created to solve a real problem: users found it difficult to type long, complex Wi-Fi passwords on devices with limited input methods, such as printers, game consoles, and smart TVs. WPS offers two primary methods: Push Button Configuration (PBC) and PIN entry.

In PBC, the user presses a physical or virtual button on the access point and then on the client device within a two-minute window. The devices then use a secure key exchange (Diffie-Hellman) to share the network credentials. This method is reasonably secure because it requires physical access to both devices during the pairing window.

However, it is still vulnerable to a 'WPS evil twin' attack where an attacker sets up a fake AP with WPS enabled. The PIN method is far more dangerous. The PIN is an eight-digit number, but the eighth digit is a checksum computed from the first seven digits.

Moreover, the PIN is validated in two halves: the first four digits are checked first, then the last three digits. This means an attacker only needs to guess 10^4 (10,000) possibilities for the first half and 10^3 (1,000) for the second half, totaling 11,000 attempts. A tool like Reaver can try all combinations in a few hours.

Once the PIN is recovered, the attacker can extract the WPA2 passphrase and gain full network access. Compared to alternatives, manually entering a strong passphrase is more secure but less convenient. WPA3 eliminates WPS entirely, using Simultaneous Authentication of Equals (SAE) which is resistant to offline brute-force attacks.

The key takeaway for IT professionals: always disable WPS on any network you manage, especially the PIN method. If you must use WPS for initial setup of a headless device, use PBC and disable WPS immediately afterward. On the Network+ exam, remember that WPS is a vulnerability, not a security feature.

Memory Tip

Think 'WPS = Weak PIN Setup.' The 'P' in WPS stands for 'Protected,' but the PIN method is anything but. Remember the number 11,000: that is the number of PIN combinations an attacker needs to try to break WPS. If you see 'eight-digit PIN' on the exam, think 'WPS vulnerability.'

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Legacy Exam Context

Older materials may mention these exam versions, but learners should use the current objectives for their target exam.

N10-008N10-009(current version)

Related Glossary Terms

Frequently Asked Questions

Is WPS the same as WPA2?

No. WPA2 is the encryption protocol that secures your Wi-Fi data. WPS is a separate feature that helps you connect devices to a WPA2 network by automatically sharing the password. They work together but are different technologies.

Why is WPS considered a security risk?

The PIN method of WPS is vulnerable to brute-force attacks because the eight-digit PIN is validated in two halves. An attacker can guess the first four digits (10,000 possibilities) and then the last three digits (1,000 possibilities), totaling only 11,000 attempts. Tools like Reaver can crack this in hours.

Can I use WPS with WPA3?

No. WPA3 does not support WPS. Instead, WPA3 uses Simultaneous Authentication of Equals (SAE), which provides a more secure and user-friendly connection process without the vulnerabilities of WPS.

Should I disable WPS on my home router?

Yes, absolutely. Even if you never use the PIN method, leaving WPS enabled exposes you to potential attacks. Disable WPS entirely in your router settings. If you need to connect a headless device, use the push-button method and then disable WPS afterward.

What is the difference between WPS Push Button and WPS PIN?

Push Button requires physical access to both the router and the client device during a two-minute window, making it more secure. PIN uses a static eight-digit code that can be brute-forced remotely. The PIN method is the primary security concern.

Summary

1) WPS (Wi-Fi Protected Setup) is a convenience feature that automates Wi-Fi device connections using either a push button or an eight-digit PIN. 2) The PIN method is critically flawed because the PIN is validated in two halves (first 4 digits, then last 3 digits, with the 8th digit as a checksum), reducing the effective keyspace to 11,000 possibilities, making it vulnerable to brute-force attacks in hours using tools like Reaver. 3) For the Network+ exam, remember that WPS should be disabled for security, it is not supported in WPA3, and the push-button method is more secure than PIN.

Always choose 'disable WPS' as the security best practice.