[Cryptography] Current state of WPA2 security for IoT access ?

[Henry Baker]

--

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

A sysadmin told me within the last week that WPA2 was easily broken
via Aircrack.

I wasn't aware of this; is this really true?

The overall question I'm interested in has to do with IoT wifi access.

If I try to hide a WPA2 access password in an IoT device, someone can
easily steal the (outdoor) IoT device & "waterboard" it until it gives
up the WPA2 password.

So what is the current recommendation w.r.t. IoT devices accessing
WPA2 wireless routers?