How to Secure Your Wi-Fi Network, and Keep your Data Safe

Even If You're a Complete Technophobe

How to Secure Your Wi-Fi Network, and Keep your Data Safe

People often ask me, why I use such extremely long Wi-Fi passwords.

Well, for starters, I’ve been configuring wireless networks ever since Cisco acquired Aironet, back in 1999, so I know a thing or two about Wi-Fi security.

Did you know that since the original Wi-Fi standard (IEEE802.11) was published in 1997, there have been serious security vulnerabilities in almost every single Wi-Fi standard, including WPA (wireless protected access).

So does that mean that all Wi-Fi can be hacked?

Not exactly.

What it means is that badly configured Wi-Fi can often be easily hacked, but well-configured Wi-Fi can be extremely difficult to compromise.

Just ask Edward Snowden.

But why should you care about securing your Wi-Fi?

I mean who would want to hack you at home?

Nowadays with so many employees working from home, and mobile workers using their laptops in hotels and cafés, the risk of insecure Wi-Fi causing cyber security incidents is much higher.

So, what can you do?

Well, if you are responsible for your IT, then the first thing to do is ensure that your home Wi-Fi is configured to the highest security level possible. More on that in a minute.

If you are a security officer or CISO, as well as using WPA3-Enterprise in your offices, you should be advising your home users on exactly how to secure their own Wi-Fi.

Cover it in your security awareness program.

Keeping it simple here, home users must use WPA3 security on their home Wi-Fi router if possible or WPA2 with AES encryption at worst, and they should disable WPS PIN.

The latest iPhones all support WPA3, so check if the broadband router does, and if not add a WPA3-compatible access point and disable the router's Wi-Fi network.

And always use an uncommon SSID (network name).

Why is that?

It’s because rainbow tables exist for the most popular Wi-Fi network names, and it’s much easier to crack a Wi-Fi password if the attacker has a rainbow table for your network name.

And most important of all, use a complex pre-shared key (Wi-Fi password).

By complex, I mean use the maximum allowed 63 characters.

But Michael, how can you expect the average granny or technophobe like me to enter a 63-character WPA pre-shared key into a smartphone?

Easy.

Create a QR code for your Wi-Fi network, so that you and all of your home users need to do, is scan the QR code, and like magic, you are connected.

But how do you create a QR code for your Wi-Fi?

Just put this into a text editor like Notepad or Sublime

WIFI:T:WPA;S:<SSID>;P:<PASSWORD>;;

Replace <SSID> with your Wi-Fi network name, and <PASSWORD> with your new 63-character pre-shared key.

Then use a trusted app from the Apple App Store or Windows Store to generate your QR code.

Don’t do this online using a website.

Example

Let’s say your SSID (network name) is MYHOMENETWORK and your password is I_hate_long_passwords

You need to encode the following:

WIFI:T:WPA;S:MYHOMENETWORK;P:I_hate_long_passwords;;

But how do you generate a random 63-character pre-shared key?

The easiest way is to use a good password manager like Bitwarden.

Tip. If there is a semi-colon ":" in your 63-character password, replace it with something else, otherwise your QR code may not work.

Once you have your nice shiny QR-code, just scan it with your iPhone camera and join the network, or in Android add a Wi-Fi network and select the QR-code symbol (next to the password field) on your phone to scan the QR-code and join the network.

Voila.