Changing wireless network password

[Clannad_92]

hi all, first of all im not that knowledgeable in this kind of field, so bear with me...

i want to change my wifi password, but didnt know which one to choose...
below is the security (i read at google, didnt understand, so maybe):


but some thread i found suggest wpa, wpa2, wpa-psk, wpa2-psk...but the explanation is difficult...
so, im hoping for some explanation that is simple but meaningful...

thanks~

[JoonasTo]

WPA2-PSK is what you want unless you need to add some WPA devices(Xbox360 ) into the network, then WPA-PSK. Choose AES encryption.

[Clannad_92]

ohhh...do you mean wpa2psk is for newer device?
how to know if a device compatibility? i think all device in my house can use wpa2psk...maybe...

so, wpapsk is the 2nd choice eh?

whynot wpa2 or wpa? no need to ask wep, as i have seen my friend cracking his own wifi with wep (demo)...

[JoonasTo]

Just set WPA2-PSK and see if they can connect to the network or not.
WPA2 is more advanced than just WPA. Those mixed options might or might not work for WPA devices depending on the devices, theoretically they should....

The ones without PSK are for more professional networks and if you select it you will see they use encryption keys, not passwords.

[Clannad_92]

okay, will do that...

btw, i think that all device in my house can use wpa2psk, since im using connectify which have option for "wpa2psk"...

will update after changing it...

thanks~

[megido-rev.M]

As mentioned, just use WPA2-PSK+AES, and also make sure to use a decently long password.

[Clannad_92]

its working!! i cannot think of any random combo (im not good at creating password) so i copied my graphic card numbers which is 12 character 

what happen if i set my modem like this?
start ip: 192.168.1.2
end ip : 192.168.1.4

and i key in my devices mac number?

[kitamesume]

why do you need a password for wireless o.o

what i did on my router:
disable wireless GUI
set to Open Network
set to block MAC address not in exception list
no SSID broadcast

[JoonasTo]

Depends what you mean by key in your devices mac numbers but assuming you mean you will just make it always assign the same ip to the same mac that's exactly what should happen.

why do you need a password for wireless o.o

what i did on my router:
disable wireless GUI
set to Open Network
set to block MAC address not in exception list
no SSID broadcast

This means you are sending all your data unencrypted and anyone on the range can catch all the data. This includes your bank data, passwords, network traffic, EVERYTHING. Not really a good idea.

[kitamesume]

yes it isn't encrypted, but what are the chances of it being snatched by a real hacker who knows his stuff?
ahh, but HTTPS is encrypted so i doubt wanna-be hackers could snatch infos from me.

edit: to explain why i find it adequately secure.
1) its because it blocks non-white-listed MAC addresses which means they can't tap into the router.
2) they'll need to mirror the transmitted/received data then decode whatever bare minimum encryption was used during the access (which wanna-be hacker has that kind of equipment).
3) they'll need to isolate my router signals before they can mirror it, since the SSID isn't being broadcasted it'll appear as if i don't have a wifi.

i find "White-List + no SSID + locked settings" secure enough for normal usages, the only potential snatchers that can crack this sort of connection are the government or Lulzsec class hackers.
for the record, public unencrypted wifi is more dangerous than this sort of setup.

[Clannad_92]

why do you need a password for wireless o.o

eh? why? wireless obviously...

[kitamesume]

why do you need a password for wireless o.o

eh? why? wireless obviously...

obviously because?
you have a hacker around your area? or are you just paranoid?

[Hakker]

now you don't even have to be hacker around your place. You just have to grab it and you got everything you need. every little kid with a dumb tool can do that.

Lemme guess you keep the door also open when you go shopping.

[Clannad_92]

hackers? this...

now you don't even have to be hacker around your place. You just have to grab it and you got everything you need. every little kid with a dumb tool can do that

and this...maybe yes...

or are you just paranoid?

[Tiffanys]

Here: https://lastpass.com/

Just generate one like 18-20 characters long using A-Z, a-z, 0-9, and Special. The best part is that you don't have to remember it because LastPass can do that for you and you can have it on pretty much any device you own. You can also secure your last pass with a grid multi-factor authentication (which is what I do).

[kitamesume]

now you don't even have to be hacker around your place. You just have to grab it and you got everything you need. every little kid with a dumb tool can do that.

Lemme guess you keep the door also open when you go shopping.

no not really, unless that kid knew what my SSID is and can crack open the router's firewall to insert his MAC address onto the white-list.
or is knowledgeable in mirroring RF noise and isolating which air-borne frequency is my router's then decoding each packet's info.

you make it sound like a 5year old can crack a router's firewall.

edit: hiding SSID is one way of filtering un-intentional evesdropper out of the equation, using a white-list factors out unknowledgeable people.
so whats left that can snatch your info? hackers obviously, so whats the chances of you having a hacker around your area(less than 100m radius)?
speaking of around the area, i've tried connecting right outside the front door, which is about 20m with a clear path towards the router, nope signal bar less than 1. thats what i get when i set transmit power to 12mw.

[Bob2004]

now you don't even have to be hacker around your place. You just have to grab it and you got everything you need. every little kid with a dumb tool can do that.

Lemme guess you keep the door also open when you go shopping.

no not really, unless that kid knew what my SSID is and can crack open the router's firewall to insert his MAC address onto the white-list.
or is knowledgeable in mirroring RF noise and isolating which air-borne frequency is my router's then decoding each packet's info.

you make it sound like a 5year old can crack a router's firewall.

edit: hiding SSID is one way of filtering un-intentional evesdropper out of the equation, using a white-list factors out unknowledgeable people.
so whats left that can snatch your info? hackers obviously, so whats the chances of you having a hacker around your area(less than 100m radius)?
speaking of around the area, i've tried connecting right outside the front door, which is about 20m with a clear path towards the router, nope signal bar less than 1. thats what i get when i set transmit power to 12mw.

You clearly don't know how wifi actually works. It is a broadcast protocol. That means it broadcasts all traffic everywhere within its range, and said traffic can be picked up by any device within range. Not making the SSID public just means it won't broadcast information about the network in response to any requests it receives (that's how devices usually scan for wireless networks - they broadcast a request, and all networks within range respond) - it still broadcasts all traffic freely.

It's not hard to identify traffic from a given device if you want to (since obviously all traffic contains the sending and receiving addresses, it's immediately obvious what traffic is from a given network). And you can identify if there is a network with hidden SSID in range, by using free software like inSSIDer, or more reliably a dedicated spectrum analysis tool (of which there are many).

Obviously, once you've identified there is a hidden network present, there is almost certainly software out there which can download all traffic passing through it. Not having an IP address assigned on that network (because it's using a whitelist, for example) simply means your computer will ignore it by default, and you can't send any traffic on the network yourself. You can still download anything broadcast by the router (given the right software, of course).

TL;DR: Hiding a network just means random passers by won't see it. Anyone who wants to can. And if, then, you leave it unencrypted, anyone can download everything passing through it (just like unencrypted public wifi in a cafe etc). So you should always use encryption and a password, even if you keep the SSID hidden.

[kitamesume]

have you forgotten what i've been pointing at? i'm not securing my wifi, i'm only filtering out evesdroppers, hackers be damned since if they're so inclined as to hack your wifi i doubt they'd even stop short even if its encrypted.

eitherway i've said what i said clear enough.

no not really, unless that kid knew what my SSID is and can crack open the router's firewall to insert his MAC address onto the white-list.
or is knowledgeable in mirroring RF noise and isolating which air-borne frequency is my router's then decoding each packet's info.

accessing the router requires you to crack the router's firewall to insert your white-list.
stealing info would need you to know which packet are mine plus decrypting the packet's content since it runs encrypted (HTTPS, SOCKS, w/e)

TL;DR: Hiding a network just means random passers by won't see it. Anyone who wants to can. And if, then, you leave it unencrypted, anyone can download everything passing through it (just like unencrypted public wifi in a cafe etc). So you should always use encryption and a password, even if you keep the SSID hidden.

edit: hiding SSID is one way of filtering un-intentional evesdropper out of the equation, using a white-list factors out unknowledgeable people.
so whats left that can snatch your info? hackers obviously, so whats the chances of you having a hacker around your area(less than 100m radius)?
speaking of around the area, i've tried connecting right outside the front door, which is about 20m with a clear path towards the router, nope signal bar less than 1. thats what i get when i set transmit power to 12mw.

or to make it easier to understand, hiding SSID = no accidental evesdropper, having a white-list is just an in a case where someone does manage to get my SSID, obviously it doesn't stop someone hacking my packets.
but what the heck, only intentional hackers would do that, and what are the odds of it even happening when you're required to be on the same house to even pickup a signal from my router.


so yeah, stop nit-picking on the details and understand the message first.

[JoonasTo]

It should be noted that while the 2,4GHz(or so) networks signals do faint fast, they're still quite easy to pick up hundreds of meters away, even with low transmission power. If you really want to. Separating them from each other is the issue. This is where your regular wireless cards fail.

Most routers only take root/admin access through wired btw.

Yours seems to be running the same linux that mine does Clannad. 

[Bob2004]

have you forgotten what i've been pointing at? i'm not securing my wifi, i'm only filtering out evesdroppers, hackers be damned since if they're so inclined as to hack your wifi i doubt they'd even stop short even if its encrypted.

eitherway i've said what i said clear enough.

no not really, unless that kid knew what my SSID is and can crack open the router's firewall to insert his MAC address onto the white-list.
or is knowledgeable in mirroring RF noise and isolating which air-borne frequency is my router's then decoding each packet's info.

accessing the router requires you to crack the router's firewall to insert your white-list.
stealing info would need you to know which packet are mine plus decrypting the packet's content since it runs encrypted (HTTPS, SOCKS, w/e)

TL;DR: Hiding a network just means random passers by won't see it. Anyone who wants to can. And if, then, you leave it unencrypted, anyone can download everything passing through it (just like unencrypted public wifi in a cafe etc). So you should always use encryption and a password, even if you keep the SSID hidden.

edit: hiding SSID is one way of filtering un-intentional evesdropper out of the equation, using a white-list factors out unknowledgeable people.
so whats left that can snatch your info? hackers obviously, so whats the chances of you having a hacker around your area(less than 100m radius)?
speaking of around the area, i've tried connecting right outside the front door, which is about 20m with a clear path towards the router, nope signal bar less than 1. thats what i get when i set transmit power to 12mw.

or to make it easier to understand, hiding SSID = no accidental evesdropper, having a white-list is just an in a case where someone does manage to get my SSID, obviously it doesn't stop someone hacking my packets.
but what the heck, only intentional hackers would do that, and what are the odds of it even happening when you're required to be on the same house to even pickup a signal from my router.


so yeah, stop nit-picking on the details and understand the message first.

But... why would you go out of your way to reduce the security of your network for no good reason?There's no benefit to doing so, and probably even just leaving the router at its default settings (presumably visible SSID with WPA-PSK), and simply changing the password, would be more secure while also stopping anyone from accidentally eavesdropping on your internet activity (how the hell do you even do that by accident anyway?).