WiFiQR
Back to Blog
Technical11 min readApril 12, 2025

WEP vs WPA vs WPA2 vs WPA3: WiFi Encryption Types Explained

When you create a WiFi QR code, you need to specify the encryption type. Here's what each option means and which one to choose.

When you set up a WiFi QR code, one of the required fields is the encryption type. The dropdown typically shows options like WEP, WPA, WPA2, and WPA3. If you're not a networking professional, these abbreviations are opaque. But the choice matters — it directly affects the security of your wireless network and the compatibility of the QR code with different devices.

This article explains each encryption standard in plain English: what it does, how secure it is, and when to use it. No networking degree required.

What Is WiFi Encryption?

WiFi encryption is the process of scrambling the data transmitted between your device and the router so that only those two endpoints can read it. Without encryption, anyone within WiFi range can intercept and read all traffic — emails, passwords, browsing history, everything.

Think of encryption as a locked envelope. Without it, your WiFi data is a postcard that anyone can read. With encryption, it's a sealed letter that requires a specific key to open. The different encryption standards (WEP, WPA, WPA2, WPA3) represent different generations of "lock" technology, each stronger than the last.

WEP: Wired Equivalent Privacy (1997)

WEP was the first encryption standard for WiFi networks, introduced alongside the original 802.11 wireless standard in 1997. Its name — "Wired Equivalent Privacy" — expressed the ambition: to make wireless communication as secure as a wired Ethernet connection.

It failed at that goal. WEP uses the RC4 stream cipher with 64-bit or 128-bit keys, but a critical design flaw in how it generates initialization vectors (IVs) means that an attacker can collect enough packets to derive the encryption key. With modern tools, a WEP key can be cracked in minutes — sometimes seconds.

Key facts about WEP:

  • Introduced in 1997, deprecated by the Wi-Fi Alliance in 2004.
  • Uses RC4 cipher with flawed key scheduling.
  • Can be broken in minutes with freely available tools (Aircrack-ng, for example).
  • Provides essentially no real security by modern standards.
  • Still found on some very old routers and legacy IoT devices.

Should you use WEP in a QR code? No. Never. If your router only supports WEP, it's time for a hardware upgrade. WEP is a historical artifact, not a viable security option.

WPA: Wi-Fi Protected Access (2003)

WPA was developed as an emergency stopgap after WEP's vulnerabilities became widely known. It was created by the Wi-Fi Alliance as a firmware-level upgrade that could be deployed on existing WEP-era hardware without requiring new chips.

WPA introduced TKIP (Temporal Key Integrity Protocol), which dynamically generates a new encryption key for each data packet rather than reusing the same key. This was a significant improvement over WEP's static key approach and made the most obvious WEP attacks ineffective.

However, TKIP was built on top of the same RC4 cipher as WEP (for backward compatibility), and over time, researchers found vulnerabilities in TKIP itself. While much harder to exploit than WEP, WPA/TKIP is no longer considered fully secure.

Key facts about WPA:

  • Introduced in 2003 as a transitional standard.
  • Uses TKIP with per-packet key generation.
  • Significantly more secure than WEP, but still based on RC4.
  • Vulnerable to certain attacks (notably the Beck-Tews attack on TKIP).
  • Officially superseded by WPA2 in 2004.

Should you use WPA in a QR code? Only if your router doesn't support WPA2, which would be very unusual for any hardware made after 2005. In practice, if you see "WPA/WPA2" as an option on your router, it means the router supports both and will negotiate the strongest available option with each connecting device.

WPA2: Wi-Fi Protected Access II (2004)

WPA2 is the current backbone of WiFi security worldwide. Introduced in 2004 and mandatory for all Wi-Fi certified devices since 2006, WPA2 replaced TKIP's RC4 cipher with AES (Advanced Encryption Standard) running in CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) mode.

AES is a symmetric-key encryption standard used by governments and financial institutions worldwide. It's computationally impractical to brute-force with current technology. The AES/CCMP combination in WPA2 provides robust data confidentiality, integrity, and authentication.

WPA2 has been the default encryption standard for over two decades, and it remains the most widely deployed WiFi security protocol in the world. While the KRACK (Key Reinstallation Attack) vulnerability was discovered in 2017, it has been patched by all major device manufacturers, and the attack requires the attacker to be within physical WiFi range and perform a complex man-in-the-middle procedure.

Key facts about WPA2:

  • Introduced in 2004, mandatory for Wi-Fi certification since 2006.
  • Uses AES encryption in CCMP mode — military-grade cryptography.
  • Supported by virtually every WiFi device made in the last 18 years.
  • The KRACK vulnerability (2017) has been widely patched.
  • Available in two modes: WPA2-Personal (pre-shared key) and WPA2-Enterprise (RADIUS authentication).

Should you use WPA2 in a QR code? Yes. WPA2 is the safe, universally compatible default. When creating a WiFi QR code, selecting "WPA/WPA2" ensures compatibility with the widest range of devices. This is the right choice for nearly all home, business, and event use cases.

WPA3: Wi-Fi Protected Access III (2018)

WPA3 is the newest WiFi security standard, announced by the Wi-Fi Alliance in 2018. It addresses several known weaknesses in WPA2 and introduces features that make WiFi security stronger by default, even for non-technical users.

The most significant improvement in WPA3-Personal is Simultaneous Authentication of Equals (SAE), which replaces WPA2's Pre-Shared Key (PSK) handshake. SAE provides "forward secrecy" — meaning that even if an attacker captures encrypted traffic and later obtains the password, they cannot decrypt the previously captured data. SAE also makes offline dictionary attacks (where an attacker captures a handshake and tries millions of passwords against it) impossible.

WPA3 also mandates Protected Management Frames (PMF), which protect against deauthentication attacks — a common technique where an attacker forces devices to disconnect from the network.

Key facts about WPA3:

  • Introduced in 2018, mandatory for new Wi-Fi 6 (802.11ax) certified devices.
  • Uses SAE handshake for stronger password-based authentication.
  • Provides forward secrecy and resistance to offline dictionary attacks.
  • Includes Protected Management Frames (PMF) by default.
  • WPA3-Enterprise mode uses 192-bit minimum encryption strength.
  • Not yet universally supported — older devices may not connect to WPA3-only networks.

Should you use WPA3 in a QR code? Yes, if your router supports WPA3 and you're confident that all expected client devices support it too. Most phones and laptops from 2020 and later support WPA3. However, older devices, some IoT devices, and certain budget smartphones may not. If compatibility is a concern (e.g., at a public business or event), WPA2 is the safer choice. Many modern routers offer a "WPA2/WPA3 Transition Mode" that accepts both — in that case, you can set the QR code to WPA2 and devices that support WPA3 will still negotiate the stronger protocol automatically.

Open Networks (No Encryption)

An open network uses no encryption at all. Traffic is transmitted in plaintext, meaning anyone within range can intercept and read data using basic packet-sniffing tools. There is no password, and the QR code simply connects the device to the network without any authentication.

Open networks were once common in cafés and airports, but even those environments have largely moved to WPA2 with captive portals (where you accept terms before gaining internet access). If you must offer an open network, combine it with a captive portal and clearly inform users that the connection is unencrypted.

Should you use "Open" in a QR code? Avoid it. Even for a public guest network, using WPA2 with a simple password (displayed alongside the QR code) is significantly more secure than no encryption. The minor inconvenience of including a password is vastly outweighed by the protection it provides.

Which Encryption Type Should You Choose for Your QR Code?

Here's a simple decision framework:

  1. Default choice: WPA/WPA2. This is the right option for 90%+ of use cases. It's universally compatible, strong, and well-understood.
  2. If all devices are modern (2020+): WPA3. You'll benefit from stronger authentication and forward secrecy.
  3. If your router supports WPA2/WPA3 transition mode: Select WPA2 in the QR code. Devices that support WPA3 will automatically negotiate the stronger protocol, while older devices will fall back to WPA2.
  4. Never: WEP or Open. There is no legitimate modern use case for either of these options.

If you're not sure which encryption your router uses, check the router's admin panel (usually accessible at 192.168.1.1 or 192.168.0.1 in a web browser). The wireless security settings will show the current encryption type. Match that setting in the QR code generator.

A Note on QR Code and Encryption Compatibility

The encryption type encoded in a WiFi QR code must match the encryption type configured on your router. If you create a QR code with WPA3 but your router is set to WPA2-only, the connection will fail when a device tries to use the QR code. The QR code tells the phone what protocol to attempt — the router enforces what it actually accepts.

This is the most common cause of "WiFi QR code not working" reports: a mismatch between the QR code's encryption field and the router's actual setting. When creating your QR code, verify the encryption type against your router's configuration. When in doubt, WPA/WPA2 is the most forgiving option.

Create Your WiFi QR Code

Choose the right encryption, enter your network details, and generate a secure QR code in seconds.

Go to Generator