Who are You?
The big step forward, in my opinion, is that WPA is blessing a much-needed authentication method out of the many that are presently competing for dominance in the marketplace. And even more important, it specifies a simplified form for consumer WLAN equipment that doesn't require an authentication server and that is easy to set up.
WPA uses 802.1X and Extensible Authentication Protocol (EAP) as the base of its authentication mechanism, but implements two authentication modes. In its "enterprise" level implementation, WPA's authentication will require a central authentication server (typically RADIUS) to authenticate each user on the network before they join it.
But since the authentication server requirement would never work in a consumer/SOHO WLAN because of the cost and complexity, WPA also provides a simplified form that allows the use of manually entered keys or passwords instead. This mode - called Pre-Shared Key (PSK) - only requires a single password entered into each WLAN node (Access Points, Wireless Routers, client adapters, bridges). Once the password is entered, WPA's TKIP mechanism takes over, generating and changing the WEP keys automatically.
Although this still requires the user to do something to enable security, the use of an alphanumeric password instead of multiple hexadecimal codes should be easier for most users to cope with. Note, however, that initially the Wi-Fi Alliance will allow vendors the option to ship with WPA turned on or off. At minimum, the WPA user interfaces on products should not ship with default (or null) passwords, and should require (or at least strongly urge) the user to enable WPA and guide them through entering the master key on all stations. Proxim did a great job in this area on their HomeRF Symphony product line, which prompted the user to enter a network key on each station as part of its installation process. I hope they had some influence in this area during the WPA formation process.
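The setup-time check recommended above, sketched as an added example (not code from the original article or from any vendor's firmware): it rejects null and default passwords, then derives the 256-bit key that every node computes from the same password. The PBKDF2 derivation and the 8 to 63 character limit come from the IEEE 802.11i specification rather than from this page; the denylist contents and all function names are assumptions.

```python
import hashlib

# Constructed denylist for illustration; a shipping product would carry a larger one.
DEFAULT_PASSPHRASES = {"password", "admin", "12345678", "default", "wireless"}


def check_passphrase(passphrase: str) -> list[str]:
    """Return the reasons a setup wizard should reject this passphrase (empty = accept)."""
    if not passphrase:
        return ["passphrase is empty (null key)"]
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("passphrase must be printable ASCII")
    if passphrase.lower() in DEFAULT_PASSPHRASES:
        problems.append("passphrase is a well-known default")
    return problems


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase + SSID to the 256-bit pre-shared key.

    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, so the same
    passphrase yields a different key on a network with a different name.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def provision(passphrase: str, ssid: str) -> bytes:
    """What each node (AP, router, client adapter) would run at install time."""
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return derive_psk(passphrase, ssid)


if __name__ == "__main__":
    # Constructed sample values: two stations given the same passphrase agree on the key.
    ap_key = provision("correct horse battery", "HomeNet")
    client_key = provision("correct horse battery", "HomeNet")
    print("keys match:", ap_key == client_key, ap_key.hex())
```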