diff --git a/LoggerFirmware/include/Configuration.h b/LoggerFirmware/include/Configuration.h
index 3d11cdab..1e47a3f2 100644
--- a/LoggerFirmware/include/Configuration.h
+++ b/LoggerFirmware/include/Configuration.h
@@ -99,7 +99,8 @@ class Config {
             CONFIG_UPLOAD_INTERVAL_S,/* String: interval (seconds) between upload attempts */
             CONFIG_UPLOAD_DURATION_S,/* String: duration (seconds) for each upload event */
             CONFIG_UPLOAD_CERT_S,   /* String: certificate to pass to upload server for authentication */
-            CONFIG_MDNS_NAME_S      /* String: recognition name for mDNS responder (hostname: name.local) */
+            CONFIG_MDNS_NAME_S,     /* String: recognition name for mDNS responder (hostname: name.local) */
+            CONFIG_REQUIRE_PMF_S    /* String: Require PMF for WPA3 connections (true/false) */
         };
 
         /// \brief Extract a configuration string for the specified parameter
diff --git a/LoggerFirmware/src/Configuration.cpp b/LoggerFirmware/src/Configuration.cpp
index 2b3a9d08..a3a4556e 100644
--- a/LoggerFirmware/src/Configuration.cpp
+++ b/LoggerFirmware/src/Configuration.cpp
@@ -86,7 +86,8 @@ const String lookup[] = {
     "UploadInterval",   ///< Interval (seconds) between upload attempts
     "UploadDuration",   ///< Time (seconds) for upload activity before diverting back to other efforts
     "UploadCert",       ///< Certificate to pass to the upload server for TLS
-    "mDNSName"
+    "mDNSName",
+    "RequirePMF"        ///< Require PMF for WPA3 (string)
 };
 
 /// Default constructor.  This sets up for a dummy parameter store, which is configured
diff --git a/LoggerFirmware/src/WiFiAdapter.cpp b/LoggerFirmware/src/WiFiAdapter.cpp
index 9bbc332d..cafef38e 100644
--- a/LoggerFirmware/src/WiFiAdapter.cpp
+++ b/LoggerFirmware/src/WiFiAdapter.cpp
@@ -31,6 +31,7 @@
 #include <WiFiAP.h>
 #include <ESPmDNS.h>
 #include <WebServer.h>
+#include <esp_wifi.h>
 #include <WifiClient.h>
 #include <LittleFS.h>
 #include <ESP32-targz.h>
@@ -322,6 +323,29 @@ class ConnectionStateMachine {
             Serial.print("ERR: attempting to join a WiFi network as a station without a specified SSID\n");
             return false;
         }
+
+        // Configure WPA3/PMF fallback & parameters for modern hotspots
+        WiFi.mode(WIFI_STA);
+        wifi_config_t conf;
+        esp_wifi_get_config(WIFI_IF_STA, &conf);
+        
+        bool require_pmf = false;
+        String require_pmf_str;
+        if (logger::LoggerConfig.GetConfigString(logger::Config::ConfigParam::CONFIG_REQUIRE_PMF_S, require_pmf_str)) {
+            require_pmf = require_pmf_str.equalsIgnoreCase("true") || require_pmf_str == "1";
+        }
+        
+        if (m_verbose) {
+            Serial.printf("DBG: WPA3 PMF configured as %s\n", require_pmf ? "REQUIRED" : "CAPABLE-ONLY");
+        }
+
+        conf.sta.pmf_cfg.capable = true;
+        conf.sta.pmf_cfg.required = require_pmf;
+#ifdef WPA3_SAE_PWE_BOTH
+        conf.sta.sae_pwe_h2e = WPA3_SAE_PWE_BOTH;
+#endif
+        esp_wifi_set_config(WIFI_IF_STA, &conf);
+
         wl_status_t status = WiFi.begin(ssid.c_str(), password.c_str());
         WiFi.setSleep(false);
         m_lastConnectAttempt = millis();