[question] More security to my wifi password.

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Goto page 1, 2  Next
Author Message
elracingETR
DD-WRT Novice


Joined: 05 Jul 2020
Posts: 4

PostPosted: Thu Oct 14, 2021 0:33    Post subject: [question] More security to my wifi password. Reply with quote
Good night everyone, it turns out that I have a nephew who lives with me and is connected to the router with his pc, the pc is used by many of his friends and I would like to know if there is any way to protect my Wi-Fi password, prevent it from being seen or share the password on other devices such as the windows configuration that shows you the password.

Thanks!
Have a rest of the day
Sponsor
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1690
Location: Canada

PostPosted: Thu Oct 14, 2021 2:54    Post subject: Reply with quote
Use MAC Filter under Wireless and only allow device's MAC Address to access the the radio.
_________________
Home Network on Telus PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r47695 Std
R7000 - Wired ISP 4K IPTV Gateway - DDWRT r47695 Std

Off Site 1

R7000 - Gateway & WiFi & WireGuard - DDWRT r47695 Std
E3000 - Client Bridge - DDWRT r46979 Mega K4.4

Off Site 2

R7000 - Gateway & WiFi - DDWRT r47495 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531


YAMon 3.4.6 | DNSCrypt-Proxy V2
DWCruiser
DD-WRT Novice


Joined: 15 Aug 2016
Posts: 34
Location: Melbourne, Australia

PostPosted: Fri Oct 15, 2021 23:03    Post subject: Re: [question] More security to my wifi password. Reply with quote
elracingETR wrote:
...if there is any way to protect my Wi-Fi password, prevent it from being seen or share the password on other devices such as the windows configuration that shows you the password.


There are roughly two angles in your case:

First, set up Guest Wifi on your router with its different password. Let your niece, (or anyone else for that matter) use that Wifi SSID only. This, in effect, isolates Guest Wifi from the rest of your network and, therefore, protects your own password and network.

In short: Use
- password A for Guest Wifi
- password B for your Home wifi
- password C for your router.

Second, use good passwords. See the attached doc. for how to create one.

Good luck.



How 2 create an unhackable password -community service.pdf
 Description:

Download
 Filename:  How 2 create an unhackable password -community service.pdf
 Filesize:  751.95 KB
 Downloaded:  83 Time(s)


_________________
Life is a journey, travel alone makes it less enjoyable and lonely.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 283
Location: All over the webs

PostPosted: Sat Oct 16, 2021 7:36    Post subject: Reply with quote
I have a script I use for generating strong passwords, and it's dd-wrt friendly. Feel free not to use it. =)

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=330369

I'm laughing after reading the doc title, no such a thing as unhackable exists, It's unrealistic and misleading (misleading because some ppl believe anything they read), words I would have used, unlikely, difficult, hard to crack. I digress...

Especially WIFI stuff, WEP, done to death, no password is secure, wpa2 almost same, wpa3 already been hacked the hell out of shortly after it became the it kid on the block.

Any tech developed by [imperfect] people working for corporations pushing for deadlines and bottom lines is more likely to be flawed 1000 fold. I'd never trust manufacturers FW anything for one purely because outdated libraries kernels and filled with CVE's

Sorry for the rant people. unhackable, hahahaha sigh.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @
#style_it_themes_public:matrix.org or
#dd-wrt_non_official:matrix.org
DWCruiser
DD-WRT Novice


Joined: 15 Aug 2016
Posts: 34
Location: Melbourne, Australia

PostPosted: Sat Oct 16, 2021 12:26    Post subject: Reply with quote
Firstly, yeah, maybe the word 'Unhackable' was ambitious. But I meant to say it applies only to a non-governmental hacker during his lifetime using brute force (as mentioned in point 5).

Secondly, I am aware that the six vulnerable points relating to WPA3 being hacked (that I think you alluded to) involve mainly using free wifi/hotpsot provided by others such as at shopping centres, hotels, coffee shops, etc. which you have NO control over, whether its setup or its security, including password length. The document, as written, obviously does not apply to free wifi or hotspot where you are given a password. However, if you can cite other specific vulnerabilities relating to one's own Wifi setup, I am interested to find out. Please be specific.

Thirdly, too long a password makes it practically impossible to keep it in the most secure way: inside one's head. Your proposed password is not necessarily more secure than one of sufficient length but there is no trace of it, at all, outside one's memory when one has to invoke it.

It defeats its own purpose.

_________________
Life is a journey, travel alone makes it less enjoyable and lonely.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1182

PostPosted: Sat Oct 16, 2021 15:02    Post subject: Reply with quote
For long wifi passwords, I use a qr code generator... then I have people take a snapshot on their device... for most else copy and paste works fine... but on some devices that are manual still (say streaming device or TV...), it becomes a difference of how much effort do I want to put in... I will often create a VAP for them with an easier to enter (still long/random), but if someone gets into that one, at least it is isolated...

Agree with both of you encryption is not unbreakable -- it is the amount of time that it takes to break before the information is not sensitive anymore
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 11221
Location: Texas, USA

PostPosted: Sat Oct 16, 2021 16:35    Post subject: Reply with quote
@DWCruiser: "non-governmental"? It wasn't a government-employed black hat that wrote *the original* passcrack, thanks.
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware‽
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is‽
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
DWCruiser
DD-WRT Novice


Joined: 15 Aug 2016
Posts: 34
Location: Melbourne, Australia

PostPosted: Sat Oct 16, 2021 22:08    Post subject: Reply with quote
Truth be told that it's unlikely someone would try to hack into your home wifi just because it can be done in theory. It is a different matter, of course, if one is targeted by authority such as the NSA; Or your neighbor has no better thing to do than trying to hack it for the sake of doing it so he can boast about it at the next neighborhood's BBQ!

So the word 'Unhackable' is not wrong in a relative sense within the context, i.e. over one's lifetime.

__________
@kernel-panic69
I wrote a post-grad paper on the Internet in 2000. As you know, the Internet has its origin in DARPA (Defense Advanced Research Agency). In a nutshell, it was designed as a means of communications following a nuclear exchange between the former Soviet Union and the USA. Packet-Switching and No Headquarters were its two important design features. Hence the inherent insecure nature of Internet.

To answer your question though. Just because it is not reported in the media, it does not mean the NSA does not have the capacity given its resources and national security concerns in relation to threats from foreign countries. Or has not already tried it. I suggest a read on Edward Snowden. The one-page document implies the exclusion of governmental hackers for this reason.

_________________
Life is a journey, travel alone makes it less enjoyable and lonely.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 11221
Location: Texas, USA

PostPosted: Sat Oct 16, 2021 23:24    Post subject: Reply with quote
You forgot ARPANET (Non-Government, Institutions Of Higher Learning). And it wasn't anyone (originally) involved with the NSA or the US (or any) Government (agency) that wrote the original passcrack code, if my memory isn't failing me. And I am fully aware of what the NSA and other agencies are capable of, to put it lightly.

I'm personally not the guy that would do such things - cracking into wifi - but it's not out of reach. But you can use pretty much any password generator given the right settings to generate some pretty strong passwords. I think they just recently bumped the requirement to 16 characters. I didn't think anyone would crack 14...

_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware‽
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is‽
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
DWCruiser
DD-WRT Novice


Joined: 15 Aug 2016
Posts: 34
Location: Melbourne, Australia

PostPosted: Sun Oct 17, 2021 0:09    Post subject: Reply with quote
kernel-panic69 wrote:
You forgot ARPANET (Non-Government, Institutions Of Higher Learning). And it wasn't anyone (originally) involved with the NSA or the US (or any) Government (agency) that wrote the original passcrack code, if my memory isn't failing me. And I am fully aware of what the NSA and other agencies are capable of, to put it lightly.


You're right, APARNET was the body that contributed significantly during the Laboratory Stage of the Internet with its adoption of TCP/IP in 1983. Fact is APARNET was under the control of DARPA until 1983 when Dept of Defense moved its military segment away from APARNET to form MILNET. But TCP/IP links them all of course. As I mentioned earlier, the Internet has its origin in DARPA. Although email, ethernet and WWW later, transformed and enriched the original concept of being a means of communications.

kernel-panic69 wrote:
'm personally not the guy that would do such things - cracking into wifi - but it's not out of reach. But you can use pretty much any password generator given the right settings to generate some pretty strong passwords. I think they just recently bumped the requirement to 16 characters. I didn't think anyone would crack 14...


I have no doubt you are a responsible Texan as I got friends in Dallas. Smile. Lastly, security, like weapon, is always a moving target.

_________________
Life is a journey, travel alone makes it less enjoyable and lonely.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 11221
Location: Texas, USA

PostPosted: Sun Oct 17, 2021 1:16    Post subject: Reply with quote
It was DCA (Defense Communications Agency) first. I'd rather not get into "toh-MAY-toh", "toh-MAH-toh" discussion here. Because I'll just start typing in assembly language.
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware‽
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is‽
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 283
Location: All over the webs

PostPosted: Sun Oct 17, 2021 19:06    Post subject: Reply with quote
kernel-panic69 wrote:
Because I'll just start typing in assembly language.

While you at that assembly thinga ma jig can I have a cup of coffee pls? Thx so much =)

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @
#style_it_themes_public:matrix.org or
#dd-wrt_non_official:matrix.org
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 11221
Location: Texas, USA

PostPosted: Sun Oct 17, 2021 19:22    Post subject: Reply with quote
Only after I finish typing it all out in Cobol and Fortran. And maybe in C/C++ so all the NKOTB might understand it. Twisted Evil
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware‽
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is‽
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
MonarchX
DD-WRT User


Joined: 26 Sep 2009
Posts: 118

PostPosted: Sat Oct 23, 2021 14:07    Post subject: Reply with quote
KeePass... I suggest to remember and use 1 "airgap" password that exclusively opens up offline databases of all your passwords that you can copy and paste without viewing. The "airgap" password is not meant to cross any networks. It is only for offline usage. Never write it down, never say it out loud, never share it, and never view it.

It isn't that difficult to come up with a 18-24 symbol password that follows secure password guidelines. Remembering isn't that hard either. You just have to practice typing it or inputting it. Sometimes your hands/fingers remember it (kinetic memory).

What sucks is having to input it all the damn time and being careful not to accidentally type it as your username, which is rarely hidden and reveals what you input in plain text.
DWCruiser
DD-WRT Novice


Joined: 15 Aug 2016
Posts: 34
Location: Melbourne, Australia

PostPosted: Sat Oct 23, 2021 23:14    Post subject: Reply with quote
MonarchX wrote:

It isn't that difficult to come up with a 18-24 symbol password that follows secure password guidelines. Remembering isn't that hard either. You just have to practice typing it or inputting it. Sometimes your hands/fingers remember it ...


Your point is sound and easily accepted by geeks like you and me, perhaps. Smile

But when applied to supporting >150 users of financial system at several education institutions on a daily basis, it was a challenge as well as a mission for me. Partly because users were required to change their passwords every 60 days. I was working as an employee then.

The one-page document attached earlier in this thread was prepared with an aim to to help those users in the most simple way possible that I could. The original poster of this thread is easily among those users.

Give a man a fish, you feed him for a day. Teach a man to fish, you feed him for a lifetime. So the saying goes.

_________________
Life is a journey, travel alone makes it less enjoyable and lonely.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum