Here is the source for information on the attack that only requires a single EAPOL frame.
"This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called "Simultaneous Authentication of Equals" (SAE).
The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.
At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).
The main advantages of this attack are as follows:
No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
No more waiting for a complete 4-way handshake between the regular user and the AP
No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)" 
 - https://hashcat.net/forum/thread-7717.html
In WPA, in contrast with WEP, knowing a network's password does not automatically let you sniff another client's traffic. So, the distinction is quite interesting.
Basically it seems like there's a thing called PMKID, which is an HMAC-SHA1 of the PMK and things we know, which you can get just by asking for it.
I have a reasonably strong password on my wifi (it looks something like "OwEs3PMY7yk6qwR4ic"). Is this crackable with this guy's setup in a couple of days?
Also, they say "with a reasonably priced GPU cracking infrastructure, many systems can be cracked within a few days."
I take this to mean they're using something of the order of magnitude of a couple K80 instances on Google Cloud, which will cost $25 per day. By no means prohibitive if you want to try and crack one specific WiFi, but too expensive for wardriving etc.
Suppose Alice uses a 14 character password, each character chosen at random from the range [U+0021, U+007E] (e.g., the 94 printable ASCII characters above space). There are 4.21x10^27 or 2^91.8 possible passwords for Alice.
Bob, on the other hand, uses a 20 character password, also chosen at random, but Bob used a much smaller character set. He just used the 10 ASCII digits. There are 1x10^20 or 2^66.4 possible passwords for Bob. (Bob would need 28 digits for his password space to be as large as Alice's).
Bob's passwords come from a much smaller set, and so could be brute forced much faster--if the attacker knew that they only had to search that much smaller set. In most cases, though, the attacker will not know that.
But, a lot of people do use reduced character sets, so I'd expect brute force attackers to give some preference for searching those first--but how much? Would they be likely to find Bob's 20 character all numeric password ahead of Alice's 14 character all-94 password?
The correct answer is that it barely matters.
So an Alice password is worth 27.6 digits and if you went in order of entropy you'd try them after you try 27 digit passwords.
Let's say you think it's overwhelmingly likely that a password is Alice-style, maybe 99% likely. This suggests that you devote 1% of your processing power to Bob style. Instead of trying Alice-style passwords after you try 27 digit passwords, you will try them after... 25 digit passwords
Because the difficulty increases exponentially, devoting just a smidge of processing power to each different kind means that your progress goes roughly in order of increasing entropy.
And Bob's password will be cracked first, since "digits" is a very reasonable category to devote some computation to.
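As an added worked example (not from any commenter in the thread), here is the arithmetic behind the Alice/Bob comparison and the 99%/1% split above, in Python; the attacker's compute split is an assumed parameter, not a figure from the thread:

```python
import math

# Alice: 14 characters from the 94 printable ASCII characters (U+0021..U+007E)
ALICE = (94, 14)
# Bob: 20 characters from the 10 ASCII digits
BOB = (10, 20)


def space_size(alphabet, length):
    """Number of distinct passwords when each character is chosen uniformly."""
    return alphabet ** length


def entropy_bits(alphabet, length):
    """log2 of the keyspace: 91.8 bits for Alice, 66.4 bits for Bob."""
    return length * math.log2(alphabet)


def digit_equivalent(alphabet, length):
    """Length of an all-digit password with the same keyspace (Alice ~= 27.6 digits)."""
    return length * math.log10(alphabet)


def digits_to_match(alphabet, length):
    """Smallest all-digit length whose keyspace is at least as large (Bob needs 28)."""
    return math.ceil(digit_equivalent(alphabet, length))


def digits_searched_when_exhausted(alphabet, length, digit_fraction):
    """Assumed attacker model: digit_fraction of every guess goes to the all-digit
    space, the rest to the (alphabet, length) space. Returns the all-digit length
    that has been fully searched by the time the (alphabet, length) space is done."""
    total_guesses = space_size(alphabet, length) / (1 - digit_fraction)
    return math.log10(total_guesses * digit_fraction)


def cracked_first(digit_fraction):
    """Which password is exhausted first under that split: 'Alice' or 'Bob'."""
    alice_work = space_size(*ALICE) / (1 - digit_fraction)
    bob_work = space_size(*BOB) / digit_fraction
    return "Bob" if bob_work < alice_work else "Alice"


if __name__ == "__main__":
    print("Alice bits:", round(entropy_bits(*ALICE), 1))
    print("Bob bits:", round(entropy_bits(*BOB), 1))
    print("Alice in digits:", round(digit_equivalent(*ALICE), 1))
    print("Digits searched with 1% on digits:",
          round(digits_searched_when_exhausted(*ALICE, 0.01), 1))
    print("Cracked first:", cracked_first(0.01))
```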
But you should look up what the default password generation algorithm is for the vendor / model you try to crack.
I make my wifi password way longer by using my phone number
Rainbow tables are fairly useless though.
That's not an "everything's on fire" state of affairs, but it's plenty for a targeted attack against a specific domestic target to be feasible, since most home setups never rotate their password (and certainly aren't rotating it on a 2-day window).
I think most people still don't think of "Key can be brute-forced in a few days of offline processing" as "owned," necessarily.
Previously, I believe, it was thought that you had to test the password against the actual router. An offline attack that lets you try millions of keys per second on as many machines as you want to spin up is pretty close to owned when compared to an online attack that only allows single-digit tests per second.
I have a small server rack at home so I've got a significantly more complicated (and expensive) setup that I wouldn't recommend to even the average reader on HN unless they were interested in the whole homelab thing.
Edit: There is another kind of attack that could extend this though. An attacker sets up an AP with the same SSID, and the same password (using the new attack). Then they kick you off the real network with a deauth attack and hope your device reconnects to theirs.
Edit: FWIW, mesh is the new hype, but it still can’t beat wired access points.
I replaced my router and helped a neighbor replace theirs. After a few months of use, I have no complaints.
But that’s 1 data point.