Not sure if this is a hot take, but: I believe most WiFi passwords serve no meaningful purpose and are actively harmful to security.
You all know how this works. You're in a hotel, at a conference, in a restaurant, etc., you want to connect to the wifi. There's probably a sign somewhere with the password.
First of all, it's annoying that you have to figure out where to find it, ask around if anyone knows it.
🧵
I don’t know what the current wifi deployment state is
Open WiFis used to have the issue, the the air traffic is unencrypted and everyone can read it
When a password is used, all sessions have individual keys
I believe OWE was supposed to solve it. But I have no ideas how often it is actually used
I wonder how far we are to have public wifi with pre shared public key (via QR) und secret key known to the access point.
This would prevent the wifionice spoofing
hanno
gmthor