To begin, a PSK and a password are not the same thing.
A pre-shared key (PSK) is a super-long series of seemingly random letters and numbers generated when a device joins a network through a Wi-Fi access point (AP). The process begins when a user logs into the network using the SSID (name of the network) and password (sometimes called a passphrase).
The SSID and password (8-63 characters) are then used to create the PSK, which is then used in conjunction with other information to create an even more complex encryption key to protect data sent over the network.
Here is an example of an SSID, password, and PSK:
SSID: John’s Home Network
During what is called a "four-way handshake," four messages are sent back and forth between a client device (smartphone, tablet, laptop) and access point. The goal is to produce what is called a "pairwise transit key” or PTK which is ultimately used to encrypt all traffic between the client device and access point once network connection is achieved.
To generate a PTK during the four-way handshake, the following five pieces of information are gathered or generated from the device & access point and sent back and forth in the messages:
PMK - pairwise master key (first key generated after PSK authentication)
Anonce - a random number generated by an access point ("A" means authenticator, which is what the access point is, and "nonce" means single-use)
Snonce - a random number generated by a client device ("S" means supplicant, which is what the device is, and “nonce” means “use it once and throw it away”)
MAC AA - the MAC address of the “authenticator” or Wi-Fi access point
MAC SA - The MAC address of the “supplicant” or client device
The PTK is then generated using the function below. In this function, the term "PRF" means "pseudo-random function" which is just a function applied to the five pieces of information to generate that even more secure, top-level PTK:
PTK = PRF (PMK + Anonce + SNonce + Mac (AA)+ Mac (SA))
Why is a PSK important?
In essence, the pre-shared key or PSK plays an essential part in the encryption process that keeps network traffic secure.