WPS WiFi setup Security Conscious? Or just inconvenient?

 

I decided to do a bit of research after trying, unsucessfully, to connect a co-workers iPhone using WPS WiFi setup to our WiFi at work. I had forgotten the security code for the router and the tag on the back had been removed, the only way to connect at this point would be using WPS push button method. A tool which Apple has never used on their phones, some say for security reasons. Phil Kearney one-time Apple employee says otherwise here.

We use WPS (WiFi Protected Setup) at work so we don’t have to give out the actual password. To me this seems more secure than havings potentially hundreds of people out there with the PW, or encryption key. This gives a degree of control to who uses the network. Yes, WPS is more vulnerable to brute force attack than a strong encryption key. What people don’t realize though is that this is still much more secure than giving out the key to those who you want to give access and does nothing to affect the security of the device accessing the router. This is yet just another instance where Apple tries to claim its concerned about the well being of its users (then talks them into using the cloud, but that’s another story).

Most, if not all, other devices give their users the convenience of connecting quickly and securely without having to ask some one for a code. I have to wonder why people would still be buying a device which puts yet another hurdle in their path. Needless to say the employee I tried to help has to burn up her data because she has no net access.

For those of you worried about some hacker accessing your home network, WPS can be turned off and just the key can be used. But IMHO, this is like parking your car in a vault in fear of getting the radio stolen.

nnik

Love the outdoors, animals and repurposing old stuff

  • BlueTroll

    I just read Phil Kearney’s argument about WPS and I don’t necessarily buy it it. Perhaps from a corporate environment that approach works. However I feel that having to get a notification about someone wanting to join my home network is counterproductive. Most WiFi access points can create guest accounts. So if someone wants to use my WiFi and it’s temporary, they get the guest account that I change the password on regularly. If it’s another home device, I’m obviously going to want to give it permanent access, so WPS could work just as easily as the password for the main account. So I don’t see the need for the elaborate method Phil Kearney suggested.

Top