Wi-Fi Security


Last update: Feb 08 2016 12:15 EDT

Every few months I re-evaluate the state of Wi-Fi security to ensure that I'm keeping up with best practices, and to see which protocols and settings are no longer secure.

Executive Summary:
Only WPA2 in AES mode (not TKIP) is potentially secure, and then only if all of the following hold: the shared key (password) has a size of 32 or more (63 is best practice); it uses mixed-case alphabetic, numeric and special characters (e.g. $#_-! etc.) chosen at random, with no dictionary words or repeating sequences; the SSID (broadcast name, e.g. "linksys") of the Wi-Fi router has been changed to something unique and uncommon; and the router runs updated firmware that truly respects the WPS Disabled setting.
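Added example (not part of the original page): WPA2-PSK derives its 256-bit master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so the same passphrase under a common SSID yields a key that can be precomputed in advance. The sketch below generates a 63-character random passphrase that meets the criteria above (dictionary-word checking is omitted) and derives the key; the function names, the symbol set and the short list of common SSIDs are assumptions made for illustration.

```python
import hashlib
import secrets
import string

SPECIALS = "$#_-!%^&*+=?"                      # assumed symbol set for this sketch
ALPHABET = string.ascii_letters + string.digits + SPECIALS
COMMON_SSIDS = {"linksys", "netgear", "dlink", "default"}  # constructed sample list


def has_repeat(pw):
    """True if a character occurs 3 times in a row or any 3-character chunk recurs."""
    chunks = [pw[i:i + 3] for i in range(len(pw) - 2)]
    return any(len(set(c)) == 1 for c in chunks) or len(chunks) != len(set(chunks))


def check_passphrase(pw):
    """Return the list of criteria from the summary that `pw` fails (empty = passes)."""
    problems = []
    if not 32 <= len(pw) <= 63:                # 63 is the WPA2 passphrase maximum
        problems.append("length not in 32..63")
    for name, group in (("lowercase", string.ascii_lowercase),
                        ("uppercase", string.ascii_uppercase),
                        ("digit", string.digits), ("special", SPECIALS)):
        if not any(ch in group for ch in pw):
            problems.append("no " + name)
    if has_repeat(pw):
        problems.append("repeating sequence")
    return problems


def generate_passphrase(length=63):
    """Draw from the OS CSPRNG until the result passes every check."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(pw):
            return pw


def derive_pmk(passphrase, ssid):
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    pw = generate_passphrase()
    for ssid in ("linksys", "attic-lab-7f3c"):   # second SSID is a constructed example
        note = "common, change it" if ssid.lower() in COMMON_SSIDS else "uncommon"
        print(f"{ssid:16} ({note}) PMK={derive_pmk(pw, ssid).hex()}")
```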

Note: I'm using the shorthand term "insecure" below to mean that the security can be broken within a few seconds to a few minutes, i.e. routinely and with automated software, and that the traffic can either be sniffed and data mined (for passwords, credit cards or other details), or that the attacker can choose to access your network or machines on your network. Depending on how your router and the computers and devices on your network are configured, this can also mean man-in-the-middle style attacks.

If you are using Wi-Fi from a public hotspot, you are pretty much guaranteed it will not be set up with anything resembling proper security, leaving you very vulnerable. This isn't a theoretical concern; it is a widely experienced problem. To help reduce the risk, I recommend using a VPN whenever you connect over public Wi-Fi. If you don't have your own VPN, a good service is Cloak.

To provide feedback, corrections or suggestions, please send an email to: back feed @ height8 .com (remove the spaces from the email address if you're doing a copy/paste). In your email, please mention you are referring to: info/security/wireless/wifisummary