The author is worried about WiFi passwords? If you trust that your WiFi is secure in general, you're in trouble. WPS is horribly insecure, for example, and that's what most home users use. Most user-chosen passwords are incredibly easy to guess for another. The better thing to do is to assume that your network traffic is always under surveillance (since the NSA is tapping Tier1 network providers), and to encrypt everything, or use network protocols which encrypt everything.
The only thing WiFi passwords are good for is to prevent your neighbors from using your network and using up all of your bandwidth (which would slow down your network access) and preventing drive-by spammers/hackers from doing things which you might then get blamed for.
That was my first thought as well. Simply removing your WiFi password can have unintended consequences, especially for people with little technical skills.
Fortunately, it is entirely unnecessary to remember your Wifi password (provided that you trust your devices…).
Create a near-random 63 char password, put it in a text file on a USB key and possibly print it out as a QR code and you’ll never have to worry about either entering it by hand or it getting cracked by that strange kid across the street.
i'd like you to come and crack my WPA2 password. its not because wifi has had various bad issues, that current wifis with a proper configuration aren't secure.
Heck, in many countries, wifi routers actually use WPA2 with a pregenerated shared key, which is a good 24 chars long and fully random. Incredibly easy to guess or crack! (its very, very hard to crack.)
No way. “password” protects me from the neighbor torrenting movies or Googling bomb recipes or whatever, which is the bulk of the threat model for residential Wi-Fi.
It's only been in the last few years that home wifi routers came with passwords by default. Before that, they defaulted to open access with no password.
WPA is much better than WEP, but not uncompromised in the face of a determined attacker. Or to put another way, it's often good enough, but not always.
> Microsoft claims users will not be able to find the password and that users will only be able to access the Internet, but that assumes there are no security holes.
You don't even need a "security hole": the machine needs to know the key to connect. From there, it's your machine -- you will be able to read it out of memory. Now, this is probably out of reach for most "average users", but for even a moderately capable attacker it provides little protection (and tools automating this will likely become available).
At best, if the Wifi network is using a passphrase it'll only send you the key (which is calculated by applying the PBKDF2-HMAC-SHA1 function to the passphrase using the SSID as a salt for 4,096 iterations), but this still lets the user get on the network and decrypt traffic.
reply