said by Reno7:
Next weekend I'm going to setup WiFi at my mothers house. I'm going to upgrade to a higher end router and giver her my old router and use WPA2 Personal.
Myself, I've always used a randomly generated 63 ascii character password (which the only negative is typing that sucker into a cell or something where you can stick it on a text pad and paste it in).
My mother has a lot of family and close friend visitors with a few that occasionally stay the night. They are going to be using the WiFi.
So, I'm trying to figure out exactly what to do for a password. I'm not around to watch her network, so I want something secure, but I also need something that's easy for 'guests' to type in.
Any thoughts? Like maybe some kind of sentence or phrase that's easy to type? Thanks!
Hi, Reno. Currently, the most secure reasonably-easy-to-remember password/passphrase design involves the use of a three-to-five-word assembly of unrelated words - with the words concatenated together.
Have your mom pick three words at random that she can remember. String the words together in a random order. That becomes the password/passphrase.
Important things NOT to do:
1. The dog is not one of the words.
2. Her street is not one of the words.
3. Husband's name is not one of the words.
4. Mother's maiden name is not one of the words.
4. You get the idea from the above - the words are *not* ones that are readily deducible by strangers using publicly available information. Non, nil, nix, nicht, nein, etc., etc., etc...
1. A vacation destination your Mom found memorable (IOW, the one that comes to mind first when she thinks about it)
2. Something about her best elementary school friend that immediately comes to mind when she thinks of that person.
3. The name of the spice she uses to make her favorite dish.
Have her string the words together in a pattern that she remembers. Whatever order comes to mind for her first.
Suggestions for improved security:
1. At least one of the words should be in a language which is unrelated to the others. Such as, one word in Hungarian and the rest in Spanish (if she is a native Spanish speaker).
2. Use other examples than the ones I suggest above. Those were just ideas to get you thinking on the pathway to getting random unrelated words that are easy to remember.
Doing the above will end up with a passphrase that is resistant to dictionary attacks - and is complex enough that it resists brute-force cracking methods - while remaining easy to remember.
Once you have this, write a document that contains all the Router information:
2. Admin Password
3. User Password
4. WLAN Authentication/Encryption Scheme (WPA2/AES only)
4. WLAN Passphrase
PRINT THE DOCUMENT. ERASE THE DOCFILE. Defrag the machine to overwrite the docfile such that it cannot be recovered.
Keep the Document in a safe place - NOT related to the Computer. With her other important documents is logical - that way it will be remembered if/when she forgets the passphrase.
Note: Keeping stuff like passphrases on USB keys is unreliable. If you
do so - in order to have a backup of her document - have a paper backup as well.
Physical Security considerations:
1. The Router itself must be physically located where it cannot be tampered with unobserved. A room that can be locked is best. This is especially necessary with computer-savvy teenagers - who will simply reset the router and use it unsecured if they have physical access to the unit.
2. Do not expect your mom to be savvy about risks regarding friends-of-friends. Make her aware that the Router password is the electronic equivalent of her front door house key. This does NOT get released into the hands of people your mom does not personally know and trust.
3. Teach your mom how to disable the radio on her Router (or at least how to turn the Router off). Get a promise from her that she will disable the radio (or turn the Router off) the moment she discovers someone untrustworthy has had access to either the router or her machine(s). She is also to promise she will contact you to have the WLAN passphrase regenerated and redocumented if it is compromised.
1. There is way too much info from so-called "experts" in Security that is folklore, fantasy and fiction. Resist the idea that "security" is utterly compromised if your passphrase is not incomprehensible gibberish containing characters that you can't even type on a keyboard. This is nonsense.
2. Any good router that will do WPA2/AES is all that is required to be secure. However, it is important
to be able to DISABLE all other transport schemas (such as WPA/TKIP, WEP or WPS) - since these can be compromised in seconds to minutes.
Note: Currently, only WPA2/AES is secure and as such, this is the only scheme that can be permitted to be used. If anybody whines because their favourite toy won't connect that way, tough. Get new toys. Do not
allow your mom to compromise the security on her system to accommodate any friend, relative or such. There is no replacement for the ability to say NO - and the backbone to stick to that.
3. The longer a passphrase exists without being changed, the higher the probability that info will get into the hands of someone it should not. Changing the passphrase after "the family and kids" have visited for 2 weeks - and left to go back wherever they came from - is a really good idea
4. Security is not compatible with complacency. Security is not convenient. Breaking security is supposed
to be hard. If friends and/or family get annoyed with the above requirements - it indicates they don't take their own security seriously. As a result, they won't take your mom's security seriously either. Thus, she needs to be mindful that if they aren't trustworthy - it is appropriate
that she deny access to her network.
Hope this helps.