hanno3d ago

Not sure if this is a hot take, but: I believe most WiFi passwords serve no meaningful purpose and are actively harmful to security.

You all know how this works. You're in a hotel, at a conference, in a restaurant, etc., you want to connect to the wifi. There's probably a sign somewhere with the password.

First of all, it's annoying that you have to figure out where to find it, ask around if anyone knows it.
🧵

Show threadhanno3d ago

What security goal does that password serve? I'd say, there's no reasonable "threat" you're defending against.

The password is freely shared.

Yeah, you're "protecting" your Wifi from being used by a random stranger sitting somewhere close enough to use it, but not a guest of your facility/event/... - but is that really something it's worth to protect against?

Show threadmik
@hanno The goal is to have a least some encryption for the data transmitted over the network. I know it's a low barrier, but it's better than nothing. And for many (especially non-tech) people, you can still get a ton of useful info out of their non-encrypted traffic (DNS, ..).
I mean WPA3-OWE is a thing, but I think it's not yet supported everywhere.
Apr 3 at 6:17amWeb