Technical Tip: How to set minimum 8 characters for configuring pre-shared key for WPA/WPA2-Personal SSID

Description

This article describes that starting from v6.2.1, the minimum length constraints for WPA/WPA2 SSID are set to 12. This article describes the way to set it to 8 characters.

Scope

FortiGate.

Solution

With the wfa-compatibility command for compatibility with previous WiFi specifications, the command only controls the minimum length of PSK in WPA/WPA2-Personal SSID.

When disabled, the Pre-Shared Key (PSK) has to contain 12 or more characters. By default it is disabled for security enforcement.

Users will get the below error if they try to give any password less than 12 characters.
The current passphrase is invalid. Has to be 12 to 63 characters long or 64 hex digits

To overcome this, enable the 'wfa-compatibility' so that minimum length is set to 8 characters.

config wireless-controller setting
    set wfa-compatibility enable
end

From FortiManager, it is possible to follow under Manage device, choose FortiGate, go to CLI configuration, search wireless-controller -> Settings, find wfa-compatibility, enable, and select 'OK'.