Posted: Thu Oct 14, 2021 0:33 Post subject: [question] More security to my wifi password.
Good night everyone, it turns out that I have a nephew who lives with me and is connected to the router with his pc, the pc is used by many of his friends and I would like to know if there is any way to protect my Wi-Fi password, prevent it from being seen or share the password on other devices such as the windows configuration that shows you the password.
Use MAC Filter under Wireless and only allow device's MAC Address to access the the radio. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Fri Oct 15, 2021 23:03 Post subject: Re: [question] More security to my wifi password.
elracingETR wrote:
...if there is any way to protect my Wi-Fi password, prevent it from being seen or share the password on other devices such as the windows configuration that shows you the password.
There are roughly two angles in your case:
First, set up Guest Wifi on your router with its different password. Let your niece, (or anyone else for that matter) use that Wifi SSID only. This, in effect, isolates Guest Wifi from the rest of your network and, therefore, protects your own password and network.
In short: Use
- password A for Guest Wifi
- password B for your Home wifi
- password C for your router.
Second, use good passwords. See the attached doc. for how to create one.
Good luck.
How 2 create an unhackable password -community service.pdf
I'm laughing after reading the doc title, no such a thing as unhackable exists, It's unrealistic and misleading (misleading because some ppl believe anything they read), words I would have used, unlikely, difficult, hard to crack. I digress...
Especially WIFI stuff, WEP, done to death, no password is secure, wpa2 almost same, wpa3 already been hacked the hell out of shortly after it became the it kid on the block.
Any tech developed by [imperfect] people working for corporations pushing for deadlines and bottom lines is more likely to be flawed 1000 fold. I'd never trust manufacturers FW anything for one purely because outdated libraries kernels and filled with CVE's
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sat Oct 16, 2021 12:26 Post subject:
Firstly, yeah, maybe the word 'Unhackable' was ambitious. But I meant to say it applies only to a non-governmental hacker during his lifetime using brute force (as mentioned in point 5).
Secondly, I am aware that the six vulnerable points relating to WPA3 being hacked (that I think you alluded to) involve mainly using free wifi/hotpsot provided by others such as at shopping centres, hotels, coffee shops, etc. which you have NO control over, whether its setup or its security, including password length. The document, as written, obviously does not apply to free wifi or hotspot where you are given a password. However, if you can cite other specific vulnerabilities relating to one's own Wifi setup, I am interested to find out. Please be specific.
Thirdly, too long a password makes it practically impossible to keep it in the most secure way: inside one's head. Your proposed password is not necessarily more secure than one of sufficient length but there is no trace of it, at all, outside one's memory when one has to invoke it.
It defeats its own purpose. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
For long wifi passwords, I use a qr code generator... then I have people take a snapshot on their device... for most else copy and paste works fine... but on some devices that are manual still (say streaming device or TV...), it becomes a difference of how much effort do I want to put in... I will often create a VAP for them with an easier to enter (still long/random), but if someone gets into that one, at least it is isolated...
Agree with both of you encryption is not unbreakable -- it is the amount of time that it takes to break before the information is not sensitive anymore
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sat Oct 16, 2021 22:08 Post subject:
Truth be told that it's unlikely someone would try to hack into your home wifi just because it can be done in theory. It is a different matter, of course, if one is targeted by authority such as the NSA; Or your neighbor has no better thing to do than trying to hack it for the sake of doing it so he can boast about it at the next neighborhood's BBQ!
So the word 'Unhackable' is not wrong in a relative sense within the context, i.e. over one's lifetime.
__________
@kernel-panic69
I wrote a post-grad paper on the Internet in 2000. As you know, the Internet has its origin in DARPA (Defense Advanced Research Agency). In a nutshell, it was designed as a means of communications following a nuclear exchange between the former Soviet Union and the USA. Packet-Switching and No Headquarters were its two important design features. Hence the inherent insecure nature of Internet.
To answer your question though. Just because it is not reported in the media, it does not mean the NSA does not have the capacity given its resources and national security concerns in relation to threats from foreign countries. Or has not already tried it. I suggest a read on Edward Snowden. The one-page document implies the exclusion of governmental hackers for this reason. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Joined: 08 May 2018 Posts: 14125 Location: Texas, USA
Posted: Sat Oct 16, 2021 23:24 Post subject:
You forgot ARPANET (Non-Government, Institutions Of Higher Learning). And it wasn't anyone (originally) involved with the NSA or the US (or any) Government (agency) that wrote the original passcrack code, if my memory isn't failing me. And I am fully aware of what the NSA and other agencies are capable of, to put it lightly.
I'm personally not the guy that would do such things - cracking into wifi - but it's not out of reach. But you can use pretty much any password generator given the right settings to generate some pretty strong passwords. I think they just recently bumped the requirement to 16 characters. I didn't think anyone would crack 14... _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sun Oct 17, 2021 0:09 Post subject:
kernel-panic69 wrote:
You forgot ARPANET (Non-Government, Institutions Of Higher Learning). And it wasn't anyone (originally) involved with the NSA or the US (or any) Government (agency) that wrote the original passcrack code, if my memory isn't failing me. And I am fully aware of what the NSA and other agencies are capable of, to put it lightly.
You're right, APARNET was the body that contributed significantly during the Laboratory Stage of the Internet with its adoption of TCP/IP in 1983. Fact is APARNET was under the control of DARPA until 1983 when Dept of Defense moved its military segment away from APARNET to form MILNET. But TCP/IP links them all of course. As I mentioned earlier, the Internet has its origin in DARPA. Although email, ethernet and WWW later, transformed and enriched the original concept of being a means of communications.
kernel-panic69 wrote:
'm personally not the guy that would do such things - cracking into wifi - but it's not out of reach. But you can use pretty much any password generator given the right settings to generate some pretty strong passwords. I think they just recently bumped the requirement to 16 characters. I didn't think anyone would crack 14...
I have no doubt you are a responsible Texan as I got friends in Dallas. . Lastly, security, like weapon, is always a moving target. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Joined: 08 May 2018 Posts: 14125 Location: Texas, USA
Posted: Sun Oct 17, 2021 1:16 Post subject:
It was DCA (Defense Communications Agency) first. I'd rather not get into "toh-MAY-toh", "toh-MAH-toh" discussion here. Because I'll just start typing in assembly language. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
KeePass... I suggest to remember and use 1 "airgap" password that exclusively opens up offline databases of all your passwords that you can copy and paste without viewing. The "airgap" password is not meant to cross any networks. It is only for offline usage. Never write it down, never say it out loud, never share it, and never view it.
It isn't that difficult to come up with a 18-24 symbol password that follows secure password guidelines. Remembering isn't that hard either. You just have to practice typing it or inputting it. Sometimes your hands/fingers remember it (kinetic memory).
What sucks is having to input it all the damn time and being careful not to accidentally type it as your username, which is rarely hidden and reveals what you input in plain text.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sat Oct 23, 2021 23:14 Post subject:
MonarchX wrote:
It isn't that difficult to come up with a 18-24 symbol password that follows secure password guidelines. Remembering isn't that hard either. You just have to practice typing it or inputting it. Sometimes your hands/fingers remember it ...
Your point is sound and easily accepted by geeks like you and me, perhaps.
But when applied to supporting >150 users of financial system at several education institutions on a daily basis, it was a challenge as well as a mission for me. Partly because users were required to change their passwords every 60 days. I was working as an employee then.
The one-page document attached earlier in this thread was prepared with an aim to to help those users in the most simple way possible that I could. The original poster of this thread is easily among those users.
Give a man a fish, you feed him for a day. Teach a man to fish, you feed him for a lifetime. So the saying goes. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.