# WPA2

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/wpa2

## Quick definition

WPA2 is a common security standard for Wi-Fi networks. It helps keep your internet activity private by scrambling the data sent between your device and the router. You likely use WPA2 at home or in a coffee shop without even knowing it. It replaced older, less secure methods like WEP.

## Simple meaning

Imagine you are writing a secret message on a piece of paper and want to pass it across a crowded room. If you just hand the paper over, anyone can read it. That is like using an unprotected Wi-Fi network. But if you put that paper in a locked box before passing it, only the person with the right key can open the box and read the message. WPA2 is like that locked box for your Wi-Fi data. It takes every piece of information your computer sends over Wi-Fi, scrambles it using a special key, and sends it in that scrambled form. The router, which has the same key, can unscramble it. If someone tries to intercept the data, all they see is gibberish. 

 WPA2 works in two main ways. In a home network, you create a password, and that password is used to generate the encryption keys. This is called Pre-Shared Key (PSK). In a company or school, there is a more complex setup where each person gets their own unique key, often managed by a central server. That is called 802.1X or enterprise mode. The "2" in WPA2 refers to the fact that it uses a stronger encryption standard called AES, which is much harder to crack than the older TKIP used in the original WPA. 

 Think of your Wi-Fi data as a series of letters you are mailing. WPA2 puts each letter into its own secure envelope. No one can peek inside without the proper key. This ensures that your private messages stay private, even if the postal carrier (the wireless signal) passes through a bad neighborhood (public airwaves). 

 WPA2 is not perfect. It can be vulnerable if someone guesses your password or if a specific attack called KRACK (Key Reinstallation Attack) is used. But for everyday use, it remains the baseline standard for wireless security. Understanding WPA2 is important because it is the difference between your data being readable by anyone nearby and your data being completely private.

## Technical definition

WPA2, formally IEEE 802.11i-2004, is a security protocol and certification program designed to secure wireless computer networks. It replaced the original WPA standard and is the mandatory minimum for Wi-Fi certified devices since 2006. WPA2 mandates the use of the Advanced Encryption Standard (AES) with the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) as its core encryption and integrity mechanism. This provides strong confidentiality, data integrity, and replay attack protection. 

 WPA2 operates in two primary modes: Personal (WPA2-PSK) and Enterprise (WPA2-802.1X). In Personal mode, a pre-shared key (PSK) is derived from a passphrase (typically 8 to 63 ASCII characters) using the PBKDF2 (Password-Based Key Derivation Function 2) algorithm. This PSK is combined with the network SSID to generate a Pairwise Master Key (PMK). During the four-way handshake, the client and access point exchange messages to derive the Pairwise Transient Key (PTK) and Group Transient Key (GTK), which are used for unicast and multicast/broadcast traffic encryption respectively. 

 The four-way handshake is a critical process in WPA2. The access point sends a nonce (ANonce) to the client. The client responds with its own nonce (SNonce) and a MIC (Message Integrity Code) to prove it knows the PMK. The access point then sends the GTK and a MIC back. Finally, the client acknowledges. This handshake verifies that both parties possess the correct credentials without directly transmitting the password. Weakness in this handshake, as exploited by the KRACK attack, can allow an attacker to force the reuse of nonces and cryptographic keys, breaking encryption. 

 In Enterprise mode, the authentication is handled by a RADIUS (Remote Authentication Dial-In User Service) server. The client first performs an EAP (Extensible Authentication Protocol) exchange with the authentication server through the access point. The access point acts as a pass-through. Once authentication succeeds, the server and client derive a Master Session Key (MSK). The access point uses part of the MSK to construct the PMK, and the four-way handshake proceeds as in Personal mode. This allows for per-user, per-session keys, centralised management, and more robust security controls like certificate-based authentication. 

 WPA2 also introduced support for Protected Management Frames (PMF) in later revisions (802.11w), which protects deauthentication and disassociation frames from forgery. However, its primary encryption protocol, CCMP, uses a 48-bit packet number (PN) to prevent replay attacks. The security of WPA2 relies heavily on the strength of the pre-shared key or the robustness of the EAP method used in Enterprise mode. Weak passwords or misconfigured RADIUS servers are common vulnerabilities in real-world deployments.

## Real-life example

Think of WPA2 like a high-security locker system at a public gym. Everyone who pays and becomes a member gets a locker that they can lock with their own combination lock. The WPA2 Personal mode is like that: you set a single combination (the Wi-Fi password), and everyone who knows it can use a locker. Each locker is securely locked (encrypted), and only someone with the correct combination can open it. 

 Now, imagine a large company with hundreds of employees. It would be inefficient and risky to give everyone the same combination, because if one person leaves or loses their key, you would have to change every single locker. WPA2 Enterprise mode solves this. Instead of one shared combination, each employee gets their own unique badge or card that they swipe to access their locker. The locker system has a central computer that checks each badge, verifies that the person is still an employee, and then grants access. If someone leaves, you simply disable their badge in the central system, and they cannot open any lockers anymore. This is exactly how a company Wi-Fi works with WPA2-Enterprise. 

 The process of actually locking and unlocking the locker is the four-way handshake. You walk up to your assigned locker (the access point). You insert your key (the password or certificate). The locker asks a question. You respond. The locker confirms you are who you say you are, and then it gives you a temporary, secret key to use for that session. This whole conversation happens in microseconds and ensures that even if someone recorded the sounds of your key turning, they could not use it to open another locker later. 

 So, in simple terms: WPA2 is the system that ensures only the right people get access to the lockers (the Wi-Fi network), and that everything they put in the locker (their internet traffic) stays private and safe from prying eyes in the gym.

## Why it matters

WPA2 matters because it is the foundational security protocol for virtually all modern Wi-Fi networks. Without it, any data you send over Wi-Fi, from entering your email password to making a credit card purchase, would be transmitted in plain text. Anyone with a simple wireless packet sniffer within range of the signal could read, record, or even modify that data. This would make public Wi-Fi in airports, coffeeshops, and hotels extremely dangerous. 

 For IT professionals, understanding WPA2 is essential for practical network deployment and troubleshooting. When setting up a small office network, choosing WPA2-PSK with a strong passphrase is the first line of defence. In larger organisations, implementing WPA2-Enterprise with a proper RADIUS server, certificates, and 802.1X authentication is a standard requirement for compliance with security policies like PCI DSS or HIPAA. Knowing the difference between PSK and Enterprise, and how to configure each, is a core skill for a network administrator. 

 WPA2 also has practical limitations that professionals need to manage. The PSK mode is vulnerable to offline dictionary attacks if the password is weak. If a device is compromised, the shared key is exposed, requiring the key to be changed on every device. The KRACK vulnerability demonstrated that even the four-way handshake itself has theoretical weaknesses. As a result, Wi-Fi networks are transitioning to WPA3, but WPA2 remains widely deployed and will be for years. Knowing how to harden WPA2 networks by using strong passwords, enabling Protected Management Frames (802.11w), and keeping firmware updated is critical for maintaining security. In short, WPA2 is not just a theoretical concept; it is the practical barrier that protects the confidentiality and integrity of wireless traffic in most networks today.

## Why it matters in exams

WPA2 is a high-priority topic in several major IT certification exams. For CompTIA Network+, WPA2 is frequently tested under the wireless networking and security domains. You will be expected to know that WPA2 uses AES and CCMP, that it replaced TKIP from WPA, and that it operates in Personal (PSK) and Enterprise (802.1X) modes. Questions may ask you to select the most secure protocol from a list, or to identify WPA2 as the correct choice for securing a SOHO network. 

 For CompTIA Security+, WPA2 is tested under the cryptography and network security objectives. You need to understand the four-way handshake at a high level, the difference between PSK and Enterprise modes, and the significance of the KRACK vulnerability. Exam questions may present a scenario where a network technician must choose between WPA2 and WPA3, or troubleshoot a network that is using outdated encryption like WEP. Security+ also expects you to know that WPA2 provides both confidentiality and integrity via CCMP. 

 For Cisco CCNA, wireless security is a dedicated section. You will need to explain the entire authentication process of WPA2 including the roles of the supplicant (client), authenticator (AP), and authentication server (RADIUS). You should be familiar with configuration commands on a wireless LAN controller that set the security mode to WPA2-Enterprise and define the RADIUS server IP and shared secret. Questions may ask you to interpret debug output from a four-way handshake or to identify the correct WLAN security setting for a given requirement. 

 Even for entry-level exams like CompTIA A+, WPA2 appears in the networking basics section. You will be asked which security protocol is best for a home network, with the correct answer being WPA2. In all these exams, the key points are: WPA2 uses AES encryption, WPA2 is more secure than WPA and much more secure than WEP, WPA2-PSK is for home/small office, and WPA2-Enterprise is for larger networks with a RADIUS server. Pay close attention to the phrasing of questions regarding the encryption algorithm (AES vs. TKIP) and the authentication mode (PSK vs. 802.1X). These are the most common exam traps.

## How it appears in exam questions

In certification exams, WPA2 questions appear in several distinct patterns. The most common is the protocol selection question. You might be asked: "Which wireless security standard uses AES and CCMP for encryption?" The answer is WPA2. Another variant: "A company needs to deploy a wireless network that supports per-user authentication using a central server. Which security mode should be used?" Answer: WPA2-Enterprise. 

 Scenario-based questions are frequent. For example: "A network administrator is setting up a small office wireless network with five employees. The employees change frequently. What is the most secure and practical security configuration?" The answer is WPA2-PSK with a strong passphrase. If the question says "a large enterprise with many users and a RADIUS server already in place," then WPA2-Enterprise is correct. These questions test your understanding of the appropriate context for each mode. 

 Troubleshooting questions often involve confusing protocols. You may see a question like: "A technician is called to a network that is experiencing slow performance and the security is set to WPA-TKIP. The technician wants the strongest encryption possible while maintaining compatibility with older devices that do not support WPA3. What should the technician do?" The answer is to upgrade to WPA2-AES. Some older devices only support TKIP, so a mixed-mode WPA2 (TKIP/AES) is sometimes required, but the exam expects you to know that pure AES is always preferred. 

 Another pattern is the comparison question. "Which of the following is a vulnerability of WPA2-PSK?" The answer: "It is susceptible to offline dictionary attacks if a weak passphrase is used." Or: "What is the main difference between WPA and WPA2?" Answer: "WPA uses TKIP, while WPA2 uses AES." You may also see questions about the four-way handshake process, asking what is exchanged during the handshake (nonces, MIC, GTK). 

 Finally, questions about the KRACK vulnerability are increasingly common. A typical question: "What attack exploits the four-way handshake in WPA2 to allow decryption of data?" Answer: KRACK (Key Reinstallation Attack). The follow-up might be: "How can a network be protected against KRACK?" Answer: "Apply firmware updates to access points and clients." Knowing these patterns will help you quickly identify the correct answer in the exam.

## Example scenario

Scenario: You are working as a junior IT support technician for a small law firm. The office has ten computers and a single wireless router provided by the internet service provider. The firm's senior partner is concerned about client confidentiality because they have heard that Wi-Fi can be insecure. He asks you to make sure the network is as secure as possible with the existing hardware. When you check the router's settings, you see that the wireless security is currently set to "WEP" with a 128-bit key. You know this is not secure, but you need to decide what to change it to. 

 The router's wireless security options are: Open, WEP, WPA (TKIP), WPA2 (AES), and WPA3. Not all devices in the office support WPA3, so you decide to use WPA2. You select WPA2-PSK (Personal) because there is no RADIUS server in the office. For the passphrase, you create a 20-character random string of letters, numbers, and symbols. You also disable the WPS (Wi-Fi Protected Setup) feature, which is a known vulnerability. 

 After making the change, you go to each computer and enter the new passphrase. One of the computers, an older laptop, fails to connect. You suspect it may not support AES encryption. In the router settings, you see an option for "WPA2 Mixed Mode" which allows both TKIP and AES. You change the setting to this mixed mode, and the laptop connects successfully. However, you know this is slightly less secure than pure AES because an attacker could force the connection to use TKIP. You recommend replacing this laptop soon. 

 The senior partner is pleased because you have improved the security from easily-crackable WEP to strong WPA2 encryption. You explain that WPA2 encrypts all data sent over Wi-Fi, so even if someone intercepts the signal, they cannot read the data. You also advise that to maintain security, the passphrase should be changed annually or immediately if an employee leaves the firm. This scenario demonstrates the practical decision-making for a real-world WPA2 deployment.

## Common mistakes

- **Mistake:** Believing that WPA2 is unbreakable.
  - Why it is wrong: No security protocol is 100% perfect. WPA2 has known vulnerabilities, such as the KRACK attack, and is susceptible to offline dictionary attacks if the passphrase is weak. It can also be broken if an attacker has physical access to the router or if WPS is enabled.
  - Fix: Understand that WPA2 is a strong protocol for its time, but it is not invulnerable. Use a complex passphrase, keep firmware updated, and consider upgrading to WPA3 for future-proofing.
- **Mistake:** Thinking WPA and WPA2 are basically the same thing.
  - Why it is wrong: WPA was an interim solution that still used the weaker TKIP encryption. WPA2 requires the much stronger AES encryption and CCMP for integrity. WPA2 is significantly more secure. Using WPA in a modern network leaves it vulnerable to attacks that WPA2 can resist.
  - Fix: Always choose WPA2 (or WPA3) over WPA when available. If you see a network listed as WPA-only, treat it as insecure. In exams, remember: WPA = TKIP (weak), WPA2 = AES (strong).
- **Mistake:** Assuming WPA2-PSK and WPA2-Enterprise offer the same level of security.
  - Why it is wrong: WPA2-PSK relies on a single shared password. If that password is compromised, everyone on the network is affected. WPA2-Enterprise uses unique credentials per user, often with certificates, so compromising one user's credentials does not affect others. Also, Enterprise mode provides centralised control and auditing.
  - Fix: Choose PSK only for small home or office networks where convenience outweighs risk. For any network with multiple users or sensitive data, implement WPA2-Enterprise with a RADIUS server.
- **Mistake:** Using a short or simple passphrase for WPA2-PSK.
  - Why it is wrong: WPA2-PSK is vulnerable to offline dictionary attacks. An attacker can capture the four-way handshake and then try millions of possible passwords per second on their own computer. A short phrase like "password123" can be cracked in minutes. A 20-character phrase with mixed case, numbers, and symbols takes exponentially longer to crack.
  - Fix: Always use a passphrase that is at least 12 characters long, ideally 20 or more. Use a random string of characters or a memorable but long passphrase like "MyD0gL0ves2Walk!".
- **Mistake:** Enabling WPS (Wi-Fi Protected Setup) when using WPA2.
  - Why it is wrong: WPS was designed to simplify connecting devices, but it has a massive security flaw. If an attacker can see the router's physical button or scan for WPS, they can use a brute-force attack on the 8-digit PIN (which is checked in two halves). This can take just a few hours to crack, revealing your WPA2 passphrase.
  - Fix: Always disable WPS in the router's settings. It is not needed if you manually enter the passphrase on each device. Many modern routers have a physical button that can be used instead of a PIN, but it is safer to disable the feature entirely.
- **Mistake:** Confusing the encryption protocol (AES) with the authentication method (PSK/802.1X).
  - Why it is wrong: Learners often mix up what WPA2 uses. WPA2 mandates AES for encryption. But the authentication method is separate. You can have WPA2 with PSK or WPA2 with 802.1X. The term "WPA2-AES" is often used colloquially to mean WPA2-PSK with AES, but technically AES is part of the WPA2 standard, not an optional extra.
  - Fix: Study WPA2 as a whole. It defines both the encryption method (AES/CCMP) and the authentication framework (PSK or 802.1X). On exams, the correct answer will specify "WPA2" and you need to know what it implies.

## Exam trap

{"trap":"A question asks: 'Which encryption protocol does WPA2 use?' and offers options including TKIP, AES, CCMP, and RC4. Many learners see 'TKIP' and think of WPA, so they choose it because they know WPA2 is an 'improved' version, assuming it still uses TKIP but in a better way.","why_learners_choose_it":"They may recall that WPA used TKIP and that WPA2 was its successor. Without deep study, they assume the protocol family kept the same encryption core. They also confuse the protocol (AES/CCMP) with the older cipher. Some learners memorise 'WPA2 uses AES' but do not understand that AES is the encryption algorithm and CCMP is the protocol that implements it.","how_to_avoid_it":"Clearly memorise that WPA2 mandates CCMP which uses AES as the block cipher. TKIP was only for backward compatibility in early WPA2 mixed modes, but the full standard requires AES. When you see encryption questions, think: WEP = RC4, WPA = TKIP (RC4-based), WPA2 = AES (CCMP). Always read the answer choices carefully and look for the most precise term (usually 'AES' or 'CCMP' for WPA2). Practice by rewriting these mappings until they become automatic."}

## Commonly confused with

- **WPA2 vs WPA (original):** WPA was a temporary standard created to patch the weaknesses of WEP. It uses TKIP (Temporal Key Integrity Protocol) which is based on the RC4 cipher but with added integrity checks. WPA2 replaced it and requires the much stronger AES-based CCMP. WPA2 is more secure than WPA. Many older devices only support WPA, but modern ones should use WPA2 or WPA3. (Example: You have an old laptop from 2004 that can connect using WPA but not WPA2. That is because its Wi-Fi chip does not support the AES hardware acceleration required by WPA2.)
- **WPA2 vs WPA3:** WPA3 is the latest Wi-Fi security standard, released in 2018. It improves on WPA2 by using Simultaneous Authentication of Equals (SAE) instead of the four-way handshake, which provides forward secrecy and protects against offline dictionary attacks. WPA3 also supports 192-bit security mode and enhanced encryption. WPA2 is still widely used but is being phased out. WPA3 is backward compatible with WPA2 devices in mixed mode. (Example: When you buy a new smartphone in 2024, it supports WPA3. If you connect it to an old router that only supports WPA2, it will fall back to WPA2. To get the full security of WPA3, you need a router that supports it.)
- **WPA2 vs WEP (Wired Equivalent Privacy):** WEP is an older, much weaker security protocol that was part of the original 802.11 standard. It uses the RC4 cipher but with static keys that can be cracked in minutes with free tools available online. WEP provides essentially no real security today. WPA2 is vastly superior and should always be used instead of WEP. Using WEP is like having a lock that anyone can pick with a paperclip. (Example: If you see a Wi-Fi network named 'MyHome' that uses WEP, an attacker can run a program called Aircrack-ng and break into that network in under five minutes. The same attacker would need weeks or years to break a WPA2 network with a strong password.)
- **WPA2 vs 802.1X:** 802.1X is a port-based network access control protocol, not a wireless encryption standard itself. WPA2-Enterprise uses 802.1X as the authentication framework, meaning it relies on a RADIUS server to verify user credentials (like a username and password or a certificate). In contrast, WPA2-Personal does not use 802.1X at all. So 802.1X is a component of the WPA2-Enterprise mode, not the whole thing. (Example: A university WiFi that requires you to enter your student username and password is likely using WPA2-Enterprise with 802.1X. Your home WiFi that just asks for a single password is WPA2-Personal and does not involve 802.1X.)

## Step-by-step breakdown

1. **Initial Discovery Phase** — When a client (like a laptop) wants to connect to a WPA2 network, it first scans for available access points. The access point broadcasts beacon frames containing the SSID and the security capabilities, including that it supports WPA2. The client then sends a probe request and receives a probe response. This step identifies that WPA2 is required.
2. **Four-Way Handshake Begins: AP Sends ANonce** — After the client decides to associate with the access point, the AP sends an Authentication frame and then an Association frame. Once associated, the AP sends an EAPOL-Key frame containing a random number called ANonce (Authenticator Nonce). The client needs this nonce to start deriving encryption keys. This is the first of four messages in the handshake.
3. **Client Responds with SNonce and MIC** — The client takes the ANonce and generates its own random number called SNonce (Supplicant Nonce). Using both nonces and the Pairwise Master Key (PMK), the client derives a Pairwise Transient Key (PTK). It sends an EAPOL-Key frame back containing the SNonce and a Message Integrity Code (MIC). The MIC proves that the client knows the correct PMK without revealing it.
4. **AP Sends GTK and Confirms** — The access point receives the client's response and verifies the MIC using its own copy of the PMK. If it matches, the AP also derives the PTK. The AP then sends a third EAPOL-Key frame that includes the Group Transient Key (GTK) encrypted with the PTK, plus a MIC. The GTK is used to decrypt broadcast and multicast traffic (like ARP requests).
5. **Client Acknowledges and Installation** — The client decrypts the GTK, verifies the MIC, and sends a fourth EAPOL-Key frame acknowledging the handshake. Both sides now have a shared PTK for unicast traffic and a GTK for broadcast traffic. They install these keys into their encryption hardware. After this, all subsequent data frames are encrypted using AES-CCMP with the PTK. The handshake is complete and the network connection is fully secured.
6. **Ongoing Rekeying and Disconnection** — For security, the GTK is periodically refreshed by the access point. The AP may initiate a new four-way handshake at any time to update the PTK (this is called rekeying). When the client disconnects or the session expires, the keys are discarded. This ensures that if an attacker captures old keys, they cannot decrypt future traffic.

## Practical mini-lesson

Let's walk through what you actually need to know and do as an IT professional when dealing with WPA2. First, you must be able to identify WPA2 from a list of wireless security options. On a router's interface, you might see choices like "WPA2-PSK", "WPA2-Enterprise", "WPA2 Mixed", or "WPA2-AES". Your job is to select the correct one based on the network's needs. For a home or very small office, WPA2-PSK with a strong passphrase is standard. For any network with more than a handful of users, sensitive data, or compliance requirements, you should push for WPA2-Enterprise. 

 Configuring a WPA2-Enterprise deployment involves setting up a RADIUS server. On Windows Server, this is the Network Policy Server (NPS). You need to register the access point as a RADIUS client in NPS, define a shared secret (a password the AP uses to talk to the server), and create a connection request policy. Then, you configure the wireless network on the AP to use WPA2-Enterprise, select the appropriate EAP type (usually PEAP-MSCHAPv2 for username/password or EAP-TLS for certificates), and point to your RADIUS server by IP address and shared secret. On the client side, users need to configure their wireless profiles to match the EAP type and trust the server's certificate. 

 One of the most common practical problems is when a device fails to connect to a WPA2 network. The first step is to check if the device supports AES CCMP. Very old devices (pre-2006) may only support TKIP. In that case, you can enable "WPA2 Mixed Mode" on the AP, which allows both TKIP and AES connections. However, be aware that this creates a security downgrade possibility. The next step is to check the passphrase: it must be entered exactly, and some devices are case-sensitive. If the client still fails, check if the device's Wi-Fi driver is up to date. 

 Another real-world issue is the KRACK vulnerability (Key Reinstallation Attack). This affects the third step of the four-way handshake where the GTK is installed. An attacker can force the client to reinstall a key, allowing decryption of data. To mitigate this, you must update the firmware on every access point and on client devices. Vendors released patches shortly after the 2017 disclosure. As a technician, you should check the manufacturer's support page for the router model and apply the latest firmware. 

 Finally, remember that WPA2 is not suitable for all scenarios. For high-security environments, or where devices like IoT sensors with limited processing power are used, consider WPA3 or even a wired network. Also, WPA2 does not provide any protection against attacks on the network's internal devices once connected. It only secures the wireless link. Internal firewalls, network segmentation, and device authentication are still required. As a practical rule: treat WPA2 as the baseline, but layer additional security controls on top.

## Memory tip

WPA2 = 'Too Strong for WiFi', think of WPA2 as the '2' in 'second generation' wireless security, using the much stronger AES encryption (not TKIP from WPA).

## FAQ

**What does WPA2 stand for?**

WPA2 stands for Wi-Fi Protected Access 2. It is the second generation of the Wi-Fi Protected Access security protocol, developed by the Wi-Fi Alliance.

**Is WPA2 still safe to use?**

WPA2 is still considered safe for most personal and business use, provided you use a strong passphrase and keep your devices updated. However, newer WPA3 is more secure. WPA2 is preferred over WPA and WEP.

**Can WPA2 be hacked?**

Yes, if the passphrase is weak or if specific vulnerabilities like KRACK are exploited. Attackers can capture the four-way handshake and attempt offline password cracking. A strong password and updated firmware greatly reduce this risk.

**What is the difference between WPA2-PSK and WPA2-Enterprise?**

WPA2-PSK uses a single pre-shared key (password) for all devices, suitable for home or small networks. WPA2-Enterprise uses a RADIUS server to authenticate each user individually, providing stronger security and centralised management.

**Is WPA2 the same as 802.11i?**

Almost. WPA2 is based on the IEEE 802.11i-2004 standard. The Wi-Fi Alliance certifies products that comply with this standard as 'WPA2'. So in practice, WPA2 is the brand name for 802.11i.

**Does WPA2 support 5 GHz and 2.4 GHz?**

Yes, WPA2 is a security protocol and works on both 2.4 GHz and 5 GHz Wi-Fi frequencies. The frequency does not affect the protocol's security functionality.

**How do I change my router from WPA to WPA2?**

Log into your router's admin interface (usually 192.168.0.1 or 192.168.1.1), find the wireless security settings section, and select 'WPA2-AES' or 'WPA2-PSK'. Then save the settings. You will need to reconnect all your devices with the new passphrase.

**What is the WPA2 passphrase length limit?**

The passphrase can be 8 to 63 ASCII characters. For best security, use at least 12 characters that include a mix of uppercase letters, lowercase letters, numbers, and symbols.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/wpa2
