hanno3d ago

Not sure if this is a hot take, but: I believe most WiFi passwords serve no meaningful purpose and are actively harmful to security.

You all know how this works. You're in a hotel, at a conference, in a restaurant, etc., you want to connect to the wifi. There's probably a sign somewhere with the password.

First of all, it's annoying that you have to figure out where to find it, ask around if anyone knows it.
🧵

Show threadhanno

What security goal does that password serve? I'd say, there's no reasonable "threat" you're defending against.

The password is freely shared.

Yeah, you're "protecting" your Wifi from being used by a random stranger sitting somewhere close enough to use it, but not a guest of your facility/event/... - but is that really something it's worth to protect against?

Apr 3 at 6:08amWeb
Show threadhanno3d ago

But why actively harmful?

You're conditioning people to treat a "password" not like a secret. If you missed the sign at the entrance, you'll ask the next person for the wifi password. And, of course, they'll usually give it to you.

That's obviously not how you should treat passwords.

We call a thing a "password" if it serves a security purpose, locks access to something that's for you, not for random other people. We probably shouldn't call things "passwords" that aren't like that.

Show threadNils3d ago

@hanno Technically it's a pre-shared key, no? I think that terminology much better describes what it does, but yeah, nobody is using it.

And I believe using a PSK serves as a very simple but effective purpose: if you're using an unencrypted WiFi, your clients may expose the SSID in their probe requests, making it very easy to create an ad-hoc fake AP for any of the unencrypted networks in their list.

Show threadNils3d ago
@hanno But that doesn't solve the issue that popular networks like WiFIonICE have, PSK or not: half the people in Germany likely have it on in their phone and are prone to fake APs...
Show threadmik3d ago
@hanno The goal is to have a least some encryption for the data transmitted over the network. I know it's a low barrier, but it's better than nothing. And for many (especially non-tech) people, you can still get a ton of useful info out of their non-encrypted traffic (DNS, ..).
I mean WPA3-OWE is a thing, but I think it's not yet supported everywhere.
Show threadBradalot “3d ago

@hanno

Brainstorming non-security purposes:

Marketing: Our service is exclusive to you. You are special. The fee you paid to be here gives you something that we only give to you.

Capacity: We cover a wide area, but only provide limited capacity on the high-bandwidth channel. We can make selected users happy by reducing the number of who have access.

Status: Interactions with staff are annoying to some, but for others they are a sign of high-end service. The power to receive a secret or exclusive benefit is worth paying for.

Advertising intelligence: If you use a locally distributed password, the system knows where you are, and can target advertising. The sign that announces the password can also have advertising, to which you pay attention because it is adjacent to something you know you need.

Show threadKenny3d ago
@hanno It has the benefit that a Pairwise Transient Key can be generated to encrypt the traffic on air. It‘s not perfect as someone knowing the Pre-Shared Key only has to also capture the 4-way handshake to re-generate the PTK. But it‘s at least something.