[WARNING] Five WiFi Security Mistakes

Category: Security , Wireless

Wireless networking is convenient and liberating, and essential if you have a smartphone, laptop or tablet. But if you aren’t careful, using wireless Internet can leave you open to hackers and unauthorized moochers of your Internet service. Here are five of the biggest mistakes that people make with WiFi, and how to avoid them. Read on!

Is Your WiFi Wide Open?

Several years ago, I got Verizon's FIOS high-speed Internet service at my home. And then something curious happened. Cars were stopping in front my house, and staying for 10 or 20 minutes. There's no reason for anyone to stop there, so my spider sense began to tingle. After checking my wireless router, I found that Verizon had left it wide open. Without a wifi password, anyone could connect! I locked down the router's wifi signal with a password, and my daily stream of visitors stopped.

MISTAKE #1: Failing to put a password (also called an encryption key) on your WiFi lets anyone within range of your wireless router join your network. If file and printer sharing are also enabled, random passersby may be able to sift through files on every computer on your home or office network. Unencrypted WiFi also allows eavesdropping on your Internet traffic, even if the snoop is not connected to your network. Data passing between a computer and a wireless router is broadcast in all directions as far as several hundred feet.

Wifi Security Mistakes

Moochers on unsecured WiFi networks may slow the traffic of authorized users, or even download illegally while leaving the network’s owner with the legal consequences. For these reasons, it’s vital to set up your wireless network to use one of the encryption methods built into all wireless routers.


MISTAKE #2: While you're locking down your wifi signal, don’t make the mistake of choosing WEP encryption, the oldest and weakest encryption method. It can be cracked in about two minutes using software easily found online. Unfortunately, WEP is often the first option on a router’s list of available encryption methods, so don’t be lazy and choose it for that reason. Use WPA2 encryption with the Personal (PSK) option, for the best protection.

(See my related article Is Your Wireless Router REALLY Secure? to learn how a couple in Minnesota almost got framed for harassment, trafficking in child porn, and threatening the Vice President -- all because they used WEP encryption on their wireless router.)


MISTAKE #3: Weak encryption keys (passwords) are a related mistake. Strong encryption is of no use if a hacker can obtain your password by brute force attempts or by guessing it. Some wireless routers come with a default (factory set) password like "admin" or "password". And sometimes, internet service providers will set your wifi password to your home phone number. Passwords like these are trivial for even the most clueless hackers to guess. It's also common for the router's login credentials and/or wifi password to be listed on a sticker applied to your router.

Let me clear up a common point of confusion here. Your internet router has a username and password that you'll need if you want to login and change any settings. One of those settings is the wifi password. So there are TWO passwords being discussed here, and both are important. Your Internet Service Provider should have given you the router's username and password, if they supplied the router. Otherwise, look for it in the manual that came with your router.

Strong passwords should be at least 12 characters long and include a mixture of upper/lower case letters, digits, and special characters. For example, the password "M@ry Had a L1ttl3 L4mb" is a much better choice than "123456" or "qwerty". You needn't worry about entering this password over and over. Typically, you'll only need the wifi password when setting up a new device such as a laptop, tablet, smartphone, or wireless printer. (See Hey, Is This Your Password? to find out if your password is one of the 25 most common and easily guessed.)


MISTAKE #4: Disabling the firewall built into most modern routers in hope of getting faster Internet is a fourth mistake. Firewalls keep unauthorized outsiders from getting into your network. They do not appreciably slow your Internet connection. Do not disable your router’s firewall. (See Do I Really Need a Firewall? to learn more about firewalls.)


MISTAKE #5: Relying on stealth alone to escape hackers’ attention is a mistake that some people make. Some people think that they can get away without encryption or a password on their wifi, just by hiding their wifi router's SSID. Yes, most routers have a setting to disable the broadcasting of the router’s SSID (name) so that other WiFi users within range won’t “see” it on the list of available wireless connections. Disabling the SSID isn't a bad idea. It will make your wifi signal invisible to most casual passers-by. But the SSID is included with many kinds of Internet traffic, so a hacker with free "sniffer" software can intercept and discover your router’s SSID.

Similarly, using MAC address filtering to allow only specific devices to connect to your network isn't a reliable method either. MAC addresses are easily spoofed and, like SSIDs, are embedded in Internet traffic that can be intercepted. Another downside of using MAC address filtering is the inconvenience involved. You'll need to update your list of allowed MAC addresses whenever you want to connect a new device, or to allow a guest access to your WiFi. MAC address filtering is a good supplementary security precaution in some cases, but do not rely on it alone.


BONUS: If you have a router that has the WPS (Wifi Protected Setup) feature, your router may be vulnerable to unauthorized users. See my related article WPS Security Flaw: Are You Vulnerable? to see if you are affected, and how to fix the problem if necessary.

If you want some additional tips on wireless security, or information about how to login to your router to change security settings, see my Wireless Network Security Checklist.

Your thoughts on this topic are welcome! Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 28 Mar 2017


For Fun: Buy Bob a Snickers.

Prev Article:
[SOLVED] The Out of Memory Error

The Top Twenty
Next Article:
Geekly Update - 29 March 2017

Most recent comments on "[WARNING] Five WiFi Security Mistakes"

Posted by:

Joe M
28 Mar 2017

Er, you did what? Trusting Verizon to set up your security was your very first mistake and not one that a pro should admit to!


Posted by:

john silberman
28 Mar 2017

What about using a WPS PIN? I thought I read somewhere that WPS PIN can be easily hacked with software such as Reaver. No need to hack WPA if the WPS PIN can be hacked.


Posted by:

Perry
28 Mar 2017

I use Comcast down here in Texas, and although I have always kept my WiFi secure with encryption and firewalls, I feel I am still somewhat vulnerable. Comcast has a policy of including a secondary SSID to every cable router called "xfinitywifi", and anyone can connect to it since it is Open. Yes, to mooch an internat access, they lave to log into a Comcast account, but the fact they can connect to xfinitywifi leaves me concerned nonetheless and I have not been able to determine how to turn that off


Posted by:

john silberman
28 Mar 2017

@Perry, I believe you can opt out "xfinitywifi". If not you can always buy your own cable modem and wifi router.


Posted by:

Rick
28 Mar 2017

Perry , John is correct, you opt out - see https://wifi.xfinity.com/


Posted by:

Cho
28 Mar 2017

@Perry....I had same issue....BUY your own Modem and Router...way less expensive in the long run...


Posted by:

Robert
28 Mar 2017

I am using the wifi password that came with the router. It is 12 characters long with multiple types of characters, caps, numbers, special characters etc. It is, however, on a sticker attached to the router. Is that a problem and if so why?


Posted by:

Rick
29 Mar 2017

Robert: In my experience, Router manufacturers - or ISPs that supply them - have stopped using short/weak passwords in lieu of long/strong ones. So...your 12 char password is likely sufficient. However, if you let someone else install your router, there is at least one person who knows your password (e.g., - the ISP technician, who may or may not be trustworthy). I trust absolutely no one.


Posted by:

Fritz
29 Mar 2017

Re: #5, You can enhance stealth easily by switching off WiFi when you don't use it or when you aren't home. In many routers you can enable a WiFi on/off schedule.


Posted by:

Donna
29 Mar 2017

I have Comcast and they turn on the WIFI outside my home when ever they feel like it so call and tell them to DISABLE it ASAP. Dont listen to their crap "Oh dont you need you Wifi for your friends and family to use? Heck NO, NOT outside your home where anyone can use it and your speed gets slower. I flipped on them as they use my electric to keep that Wifi outside my home ON and I told them they WILL be speaking to my attorney and BOOM...Its off...Go Figure?


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.
[an error occurred while processing this directive]


Article information: AskBobRankin -- [WARNING] Five WiFi Security Mistakes (Posted: 28 Mar 2017)
Source: http://askbobrankin.com/warning_five_wifi_security_mistakes.html
Copyright © 2005 - Bob Rankin - All Rights Reserved