It might be prudent to keep your routers wi-fi connection security at it highest possible encryption strength. Even WEP can be cracked!

http://www.prisonplanet.com/woman-sues-police-over-flash-grenade-swat-raid.html

True, there is no completely secure wireless.

I would agree that one should use the highest level that your devices can support, though to be brutally honest, it just needs to be higher than your neighbors.

" I don't have to be faster than the the bear, I just have to be faster than you....."

Like burglars, looking for easy targets...

WEP has been effectively useless for years. The kid next door can crack it in half an hour with a standard PC.

Even when people have WPA2 enabled, they use laughable passwords. "Fluffy" is not a solid password, and neither is your home phone number.

People don't do firmware upgrades to their wireless routers either. Yes, it's a hassle once you have everything set up because it erases your settings. But there are usually important security upgrades in there. When I was setting up my brand new router, I was amazed to find that the firmware was a year and a half out of date, and four significant firmware upgrades/patches had already been issued.

For years I had lucrative work performing wireless penetration testing for companies (it's important to note that I never did any penetration testing without a signed letter of authorization in my possession). WEP can be cracked very easily by pre-teens. It can be done tracelessly if you are willing to spend some time at it, and it can be done within about ninety seconds if you're willing to do some traffic generation.

WPA is crackable as well, but it's tougher. If you use WPA-PSK it behooves you to use a very long (20+ characters) unguessable key consisting of letters, numbers and symbols. WPA using cryptographic certificates is very tough to crack, but is beyond the capability of most (if not all) consumer wireless gear.

I really question the value of making passwords hard to remember with numbers, symbols, etc. ... this inevitably results in either people locked out of their own systems or storing the passwords in insecure locations (like a post-it note on their monitor).

As you identified, length is the real key to secure passwords.

Using MAC (Media Access Control) address filtering on top of encryption is another obstacle you add to wireless security. Most routers provide this service. This feature only allows authorized computers on your wireless network. Each network interface has a unique MAC address assigned by the manufacturer.

IOW, having the encryption key is not enough to gain wireless access. Your computer's hardware address has to be specifically authorized (or spoofed) on your router to gain access.

Again, this is about making your system just a little harder to break into than your neighbors'systems.

Nice cartoon. I totally agree with the cartoon, as far as passwords that we need to remember and input regularly are concerned. I've long been a fan of using Diceware to generate passwords (well, really passphrases). It's the combination of using real words, length, and the randomness of throws of dice that makes it work so well as well as reasonably easy to remember. For situations that require special characters or capitalization, I use the dice for that, too.

Then again, for a password that I seldom have to use, like my router at home, I personally wouldn't have any problem with using one of those random, nonesensical passwords and putting it on a sticky on the bottom of it. If some stranger can physically read that sticky, then I have far more pressing problems than a hacked wifi connection!

For the wireless key, you're typing it in approximately once per device. It's easy to attack wireless networks, and either hard or impossible to detect an attack in progress. The length, complexity and unguessability of a wireless key has a significant impact on the chances of an attack against WPA-PSK being successful.



Assuming that there is some legitimate user on the wireless network, this adds about ten seconds to the effort for the attack.

Here are some interesting articles from wired.com on the subject of passwords.

Since it's from Wired, you will naturally take it with a grain of salt. But there are a few nuggets of wisdom in there.


http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/

http://www.wired.com/gadgetlab/2012/11/why-no-password-is-safe-from-hackers/

http://www.wired.com/opinion/2012/10/passwords-and-hackers-security-and-practicality/

http://www.wired.com/wiredenterprise/2013/01/google-password/

We moved to our new house in 2008 and the router sitting in the box for a couple days somehow forgot part of its settings but still worked enough that our computers connected and worked so I didn't notice until one day I found others connected to it.
I turned on logging and noticed they were looking at political sites. So rather than cut them off I put in dns redirects and pointed the R candidates site to the D candidates site and the D candidates site to the NRA