dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
10776

StuartMW
Premium Member
join:2000-08-06

1 recommendation

StuartMW

Premium Member

How often do you change your Wi-Fi SSID/Passphrase?

I'm curious as to how often people change their Wi-Fi SSID and/or WPA2 passphrase (I have to use WPA2-PSK since my wireless devices don't support WPA2-EAP).

I change both every 12 months or so. Yesterday I increased the length of my SSID and made sure I used upper/lowercase, numerals and special characters. I've always used a 63 character randomly generated passphrase (a number of websites will generate them for you).

I would've liked to have used a 32 character SSID (the max length) but one of my Wi-Fi devices (not a computer) had difficulty with that (not sure why). That device doesn't have a keyboard so entering a 63-character passphrase is very painful (and time consuming).

BTW my computers are now wired only and my LAN and Wi-Fi devices are in different subnets and firewalled from each other.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

Name Game

Premium Member

I have never changed mine and I do not broadcast SSID. I am not really concerned about intrusion. Disabling SSID is not a lock. At best, it prevents people from accidentally connecting to your net, since they have to know your SSID in advance. There are several freeware packages that allow even novices with inexpensive off-the-shelf wifi cards to monitor and record every frame transmitted on a wifi network. The SSID is
transmitted unencrypted every time a client associates, so the SSID is still there for all to see.

The point is no matter how much one will say that Broadcasting your SSID is no big deal it will in fact when combined with WPA2-PSK Key help keep a wireless network more secure.

Let's say for a second that you live on the most hacker riddled street in the world. Then I would assume by now you have be thwarted many of times so it really should be of no concern.

If you like most of us live in a normal area then keeping the broadcasting off and WPA-PSK Key running to secure your wireless network then you should have no problem. (operative word "should" )

Extra layers of protection are never a dumb idea.

If you live in an area where there are many wifi out there very close to you (strong signal )..you might also want to find out what channels they use and change yours accordingly.
slajoh01
join:2005-04-23

1 recommendation

slajoh01

Member

The best security against Wireless is having no wireless at all.
Suppose you do banking online at home, I would switch off wireless and use LAN cabled network instead.

So in other words, if your doing soemthing really sensitive like online shopping, credit card transactions and such, please try and use a wired network instead of wireless to be extra carefully.

And disabling SSID broadcasting is a good idea.

darcilicious
Cyber Librarian
Premium Member
join:2001-01-02
Forest Grove, OR
·Ziply Fiber

2 recommendations

darcilicious

Premium Member

said by slajoh01:

And disabling SSID broadcasting is a good idea.

Actually it's a fairly pointless exercise (see above post).

I broadcast both my SSIDs, and haven't changed the password (they're both the same, eek!) in the 3+ years both WAPs have been in service. I live in a relatively low-density area so I tend not to worry about these things.

I also don't use MAC filtering or wear an tinfoil hat

Eyeballs
Premium Member
join:2000-04-25
Worcester, MA

2 recommendations

Eyeballs to slajoh01

Premium Member

to slajoh01
said by slajoh01:

The best security against Wireless is having no wireless at all.
Suppose you do banking online at home, I would switch off wireless and use LAN cabled network instead.

So in other words, if your doing soemthing really sensitive like online shopping, credit card transactions and such, please try and use a wired network instead of wireless to be extra carefully.

And disabling SSID broadcasting is a good idea.

Make sure you also lock all your doors and pull down all your shades. You know, in case someone looks in your windows and sees you typing your password in or breaks in and installs a keylogger on your computer when you aren't home, or installs hidden cameras to video all your computer activity, or ......

Need some tin foil??
Tig
join:2006-06-29
Carrying Place, ON

1 recommendation

Tig to StuartMW

Member

to StuartMW
SSID changes when the router gets changed. Passphrase gets improved whenever I realize that it is insufficient.
I VLAN everything into logical groups. Wireless is for personal mobile devices and guests access to the net.
OZO
Premium Member
join:2003-01-17

OZO to StuartMW

Premium Member

to StuartMW
I don't change SSID. There is absolutely no reason why I'd want to. All my friends use my WiFi, when they come close to my house. And I don't see any problem with that too, BTW. Password is simple for them to enter...

Moreover, I'm looking for a solution (WiFi router), that will maintain an open WiFi spot for anyone who wants to use it. Requirements for the router are:
1. It logs bandwidth usage by those who get connection (to see manually if there is some abuse)
2. Keeps LAN for WiFi spot separated from my private LAN (simple security reasons)
3. Helps to automate the abuse protection (e.g. by limiting bandwidth used by connected devices)

There are WiFi routers on the market that offer maintaining "guest" WiFi spot. Or, in order to save money, I'll better use DD-WRT or Tomato firmware that will offer similar functionality. I've not decided on that yet, but I will. There are cases when I need to have WIFi connection for my smartphone and I appreciate when I get it at places where I am (I know many places where I can get it now). I feel the need to return the same favor to others too (even unknown)...

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

1 recommendation

Name Game

Premium Member

For that I give friends the SSID and the Passphrase..just because it is not transmitted..does not mean it is not there. I also have a program that alerts me if someone else tries to get on. If I don't like it..can then block them at the router.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to StuartMW

Premium Member

to StuartMW
I use a 128 bit passphrase on my WPA2-PSK router. I haven't changed the passphrase in years and really see no reason to. Even if every machine on earth simultaneously tried to brute-force the passphrase, the Sun would go white dwarf before they succeeded. As long as the passphrase remains secret (i.e. not compromised or stolen) then there's no reason to ever change it. Since I am the only person with physical access to my router, I don't feel there is much of a chance of someone stealing the key.

Perhaps some cryptologist will someday find a flaw in WPA2 or AES (as they did in WEP). If that happens, we're all screwed no matter what our password policy is.

EAP offers no security benefit over PSK. EAP is only useful when you have to manage a large number of devices. Thus it's more for convenience (key management) than security.

Finally, hiding the SSID is futile as is MAC filtering. Both are easily circumvented by any script kiddie wardriver. The only thing you need to worry about as far as the SSID is concerned is making it unique. However, even that isn't really necessary if you use a long, complicated, high entropy passphrase.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

Name Game

Premium Member

And if that mac filtering does not stop them..time to get into their stuff and play their game. Looks like some posting live in some nasty area of the world where they leave their doors and windows open but worry about their internet. Traveled too much with internet aware devices to worry about that.
North Myrtle Beach is a tourist destination..our summer population explodes and we have all kinds of visitors..lots of script kiddies with lots of tricks..peace returns when they go back home..

vaxvms
ferroequine fan
Premium Member
join:2005-03-01
Polar Park

1 recommendation

vaxvms to StuartMW

Premium Member

to StuartMW
Maybe I'm just dumb but
What would be the purpose of changing the password every xxx days other than to lock out someone who has already gotten access? And if someone has been connected why haven't you noticed it? It's not like the Wi-Fi is available to the bazillion people on the internet.
Why would a new password be more secure than an old one that hasn't been cracked? especially if it's a random 63 character one.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

I come from the same school of thought..but stuartmw might live in a tourist area also...hmmm..have to get a jeep and ask Bob how to track him down.

StuartMW
Premium Member
join:2000-08-06

StuartMW to Name Game

Premium Member

to Name Game
said by Name Game:

..peace returns when they go back home..

And they've mostly done that here I can actually

1) Find a parking place
2) Walk down the street without dodging people.

vaxvms
ferroequine fan
Premium Member
join:2005-03-01
Polar Park

vaxvms to Name Game

Premium Member

to Name Game
99.999% of tourists are dumb .and. they're too busy being tourists to waste time trying to hack into a local, protected, wi-fi connection that's not near a tourist attrection.
jmo

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

1 recommendation

Juggernaut to StuartMW

Premium Member

to StuartMW
To be honest, I never change my SSID unless I think of something truly funny. I also can't be bothered to hide my SSID, and I also allow my router to be pinged.

I do set a channel manually, though. I use channel 1 as it seems to get better coverage throughout the house, as it's a lower frequency.

As stated, WPA2 AES, and a good passphrase is the only sure-fire way to avoid getting hacked.

My tin foil hat hangs in the closet, ready for nuclear war.
Bob4
Account deleted
join:2012-07-22
New Jersey

Bob4 to StuartMW

Member

to StuartMW
Never. Unchanged for 7 years, even with three different routers during that time period.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to vaxvms

Premium Member

to vaxvms
said by vaxvms:

99.999% of tourists are dumb .and. they're too busy being tourists to waste time trying to hack into a local, protected, wi-fi connection that's not near a tourist attrection.
jmo

Yup..too many other targets of opportunity out there..at any one time I can see approx. 24 out there in various states of Security..from the &#*@ Yankee Inn a few miles away to the local Mickey D..then lots of residential stuff for those script kiddie tools..so no reason to even start looking for un-transmitted SSID that the owner does not want you to even give it a persistent try. They just lay on the beach and watch the sharks or pee on my cape myrtle by the 17th tee.

Boricua
Premium Member
join:2002-01-26
Sacramuerto

Boricua to StuartMW

Premium Member

to StuartMW
Once I set mine I forget it. SSID and passphrase in the router has not been changed at all since installed. I have combo of letters, number and symbols for the passphrase. In my neighborhood, there are a few routers (especially named 2WIRE###) with the same channel so I used a different channel with my own SSID (instead of the default 2WIRE###).

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to StuartMW

Premium Member

to StuartMW
When I got my first wireless router, I named my wlan after a virus, intending to change it to a different virus name every once in a while.

I changed it once or twice and haven't changed it since. Now I mainly don't want to change it because it'd mean plugging my wireless printer in on usb to change its settings. I know, lazy. All I have to do is move it about 10 feet.. or find me a really long usb extension...

Boricua
Premium Member
join:2002-01-26
Sacramuerto

Boricua

Premium Member

USB extension cable
MIXZ1
join:2001-01-02
Florida

MIXZ1 to StuartMW

Member

to StuartMW
Change once per year. No DHCP. Static IP on all devices. 64 bit WPA-PSK passphrase.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

We have a winner! Here's your prize. Wear it with pride my friend



Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

Name Game to StuartMW

Premium Member

to StuartMW
Which character(s) are not allowed in SSID's and WLAN passwords?

»forum.snom.com/index.php ··· pic=6785
If the link will not work for u..then

The following six characters are not allowed: ?, ", $, [, \, ],
and +. In addition, the following three characters cannot be the first
character: !, #, and ;.

»www.cisco.com/web/techdo ··· ity.html

StuartMW
Premium Member
join:2000-08-06

2 edits

StuartMW

Premium Member

said by Name Game:

The following six characters are not allowed: ?, ", $, [, \, ] and +.

Well I found out, the hard way, that one of my devices doesn't accept a \. It does accept all the other non-allowed characters though.

Oh wait that was in the passphrase not the SSID.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer to StuartMW

Premium Member

to StuartMW
The (non-broadcasting) SSID and the WPA passphrase for my production WiFi AP is etched in granite, and is unlikely to change unless I see some router/firewall log entries that indicate a problem (not likely to happen with the maximum length non-dictionary mixed alpha-numeric-special character passphrase I use). I turn on a special guest AP for visitors (which uses MAC filtering and no encryption), so I don't have a need to change anything on my normal WiFi since only permanently authorized devices are allowed access.

OTOH, I do occasionally change the SSID on my intermittently operated honeypot so that I can attract new victims visitors.
Bob4
Account deleted
join:2012-07-22
New Jersey

Bob4

Member

I have a guest network which isolates each client, but no one uses it. My guests just connect to the unsecured 'linksys' access point next door.

That doesn't really bother me, and it means my guests don't suck-up my bandwidth.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Really? I have a guest net that has 60 gigs for usage by them. I wouldn't think of letting them leech/ steal from a neighbour.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to StuartMW

Premium Member

to StuartMW
I only change SSIDs and passphrases if I were to change my wireless APs/routers, redo firmwares, etc. I never use the same ones between them.

StuartMW
Premium Member
join:2000-08-06

1 recommendation

StuartMW to Name Game

Premium Member

to Name Game
said by Name Game:

The following six characters are not allowed: ?, ", $, [, \, ] and +.

I did some checking and apparently the IEEE 802.11 standard doesn't say anything about prohibited characters. Cisco doesn't allow the ones you quote but other vendors do

I also found that although SSID's can be 32 chars long some devices only allow 31 (31 plus nul terminator makes 32 total).
quote:
The nice thing about standards is that you have so many to choose from.

Andrew S. Tanenbaum, Computer Networks, 2nd ed., p. 254
Bob4
Account deleted
join:2012-07-22
New Jersey

Bob4 to Juggernaut

Member

to Juggernaut
said by Juggernaut:

Really? I have a guest net that has 60 gigs for usage by them. I wouldn't think of letting them leech/ steal from a neighbour.

No one here has any caps/quotas. This is America!!