Mastodawn

Not sure if this is a hot take, but: I believe most WiFi passwords serve no meaningful purpose and are actively harmful to security.

You all know how this works. You're in a hotel, at a conference, in a restaurant, etc., you want to connect to the wifi. There's probably a sign somewhere with the password.

First of all, it's annoying that you have to figure out where to find it, ask around if anyone knows it.
🧵

Show thread

hanno 3d ago

What security goal does that password serve? I'd say, there's no reasonable "threat" you're defending against.

The password is freely shared.

Yeah, you're "protecting" your Wifi from being used by a random stranger sitting somewhere close enough to use it, but not a guest of your facility/event/... - but is that really something it's worth to protect against?

Show thread

Kenny

@hanno It has the benefit that a Pairwise Transient Key can be generated to encrypt the traffic on air. It‘s not perfect as someone knowing the Pre-Shared Key only has to also capture the 4-way handshake to re-generate the PTK. But it‘s at least something.