Friday, 8 May 2026

Why Pre Shared Keys are not Wifi Passwords

It is tempting to think of wifi passwords as equivalent to the Pre Shared Keys (PSKs) used in authenticating wifi connections. In fact, the wifi password is combined with the SSID (Service Set Identifier) of the wifi network to produce a 256-bit cryptographic key, and it is this derived key that serves as the PSK.

The Pre Shared Key model is not ideal for enterprise deployments, because anyone who knows the password can decrypt traffic if they capture the handshake. IoT devices using Pre Shared Keys are also not secure where keys are leaked in plaintext logs. This is why there is a separate WPA2-Enterprise mode that abandons the PSK model.

WPA3-Personal replaced PSK with SAE (Simultaneous Authentication of Equals) to enhance security: it adds forward secrecy by introducing unique keys for every session.
