Security is based on a Public Key Infrastructure (PKI) key pair recorded in the device, including the Device Public Key. Manufacturers are beginning to certify and sell devices to support Wi-Fi Easy Connect along with support of WPA3. WPA3 will begin to replace WPA2 over the next several years. In addition, Android 10 and future versions of Android include support for Wi-Fi Easy Connect.
The simplicity for device configuration can provide significant benefits for commercial and industrial users as well, such as within manufacturing environments, distribution centers, health care facilities, offices, etc. However, one additional requirement compared to residential use, is for mutual authentication. The device also needs to authenticate the mobile phone providing WiFi credentials.
In other words, for business users, a configuring mobile phone should be authenticated with the device even though the device may not yet have any WiFi or Internet connectivity. The device needs to trust the configuration data received from the mobile phone, since the device could be high value or sensitive equipment. Or, IT security policies may reasonably mandate mutual authentication in order to setup new devices for connecting to the network.
A summary of Wi-Fi Easy Connect with mutual authentication is below: