The second version (WPA2), released in mid-2004, does provide complete security, however, because it fully implements the IEEE 802.11i security standard with CCMP/AES encryption.
The Pre-Shared key or PSK or personal version is a type of mode which does not really provide substantial security especially for business purposes and venues. That’s because the encryption keys are much more vulnerable to hacking or cracking. However, the WPA2 enterprise is a mode which offers dynamic encryption keys which are securely distributed only when the user logs in with his username and correct password.
Both versions of Wi-Fi Protected Access (WPA/WPA2) can be implemented in either of two modes:
Personal or Pre-Shared Key (PSK) Mode: This mode is appropriate for most home networks—but not business networks. You define an encryption passphrase on the wireless router and any other access points (APs). Then the passphrase must be entered by users when connecting to the Wi-Fi network.
Though this mode seems very easy to implement, it actually makes properly securing a business network nearly impossible. Unlike with the Enterprise mode, wireless access can't be individually or centrally managed. One passphrase applies to all users. If the global passphrase should need to be changed, it must be manually changed on all the APs and computers. This would be a big headache when you need to change it; for instance, when an employee leaves the company or when any computers are stolen or compromised.
Unlike with the Enterprise mode, the encryption passphrase is stored on the computers. Therefore, anyone on the computer—whether it be employees or thieves—can connect to the network and also recover the encryption passphrase.
Enterprise (EAP/RADIUS) Mode: This mode provides the security needed for wireless networks in business environments. Though more complicated to set up, it offers individualized and centralized control over access to your Wi-Fi network. Users are assigned login credentials they must present when connecting to the network, which can be modified or revoked by administrators at anytime.
Users never deal with the actual encryption keys. They are securely created and assigned per user session in the background after a user presents their login credentials. This prevents people from recovering the network key from computers.