
Does Having a Publicly Visible Wi-Fi Password Add Security Compared to an Open Wi-Fi Hotspot?

I handle the Wi-Fi hotspot for a library and have been using WPA2 with an openly distributed passphrase. Another library has no security whatsoever. Is there a greater risk using no security because for our library the passphrase is so openly available to possibly bad guys?

The short answer is absolutely!

Using WPA2 with a password – even a publicly visible one – adds significant levels of security beyond an open Wi-Fi hotspot. Yes, even if everybody in the room knows the password.

When you’ve got an open Wi-Fi hotspot, all of the information that’s being transmitted by each of the computers connected to that hotspot is being transmitted in the clear. That puts the onus of security on each individual computer user. That’s not necessarily a good assumption to make.


Using WPA2

When WPA2 is used, it has a very interesting characteristic. Even though the password that you use is the same for everybody, each individual connection between a computer and a hotspot uses a different encryption key.

What that means is that while there are multiple computers connected to the same hotspot, they cannot sniff each other’s data in any unencrypted form. They do not have mutual access to all of the information that’s being transmitted and received by that access point. It’s actually a very good design point for WPA.

The lack of per-connection keys is one of the many problems with WEP security. WEP encryption, besides being very weak by today’s standards, uses the same key for every connection to the hotspot. That means that all connected users can still see each other’s unencrypted traffic.

And of course, with no password at all, anyone with a laptop in range can monitor unencrypted traffic.
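How one shared passphrase still produces a different key for each connection, as an added example (not part of the original article): WPA2-PSK turns the passphrase and network name into a shared master key, and the handshake mixes that key with both MAC addresses and a fresh random nonce from each side. The network name, passphrase, MAC addresses and the `nonce()` helper are constructed for illustration.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Per-connection key: the shared PMK mixed with both MAC addresses and both nonces."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes when CCMP (AES) is used
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}  # tk encrypts the traffic

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def nonce(seed: str) -> bytes:
    # Constructed stand-in for the 32 random bytes each side generates per handshake.
    return hashlib.sha256(seed.encode()).digest()

# Constructed sample values, not taken from the article.
SSID = "LibraryWiFi"
PASSPHRASE = "posted-on-the-wall"
AP = mac("02:00:00:00:00:01")

def demo() -> dict:
    pmk = derive_pmk(PASSPHRASE, SSID)  # identical for everyone who types the passphrase
    a = derive_ptk(pmk, AP, mac("02:00:00:00:00:0a"), nonce("ap-1"), nonce("patron-a-1"))
    b = derive_ptk(pmk, AP, mac("02:00:00:00:00:0b"), nonce("ap-2"), nonce("patron-b-1"))
    a2 = derive_ptk(pmk, AP, mac("02:00:00:00:00:0a"), nonce("ap-3"), nonce("patron-a-2"))
    return {"patron_a": a["tk"], "patron_b": b["tk"], "patron_a_reconnect": a2["tk"]}

if __name__ == "__main__":
    for name, tk in demo().items():
        print(f"{name:20s} traffic key = {tk.hex()}")
```

The MAC addresses and nonces are exchanged unencrypted during the handshake, so the passphrase-derived master key is the only secret input to each connection's key.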

The public password

I honestly wish that every open Wi-Fi hotspot in the world would switch to this model. In other words, I wish that at Starbucks there was a board on the wall that said, “Today’s Wi-Fi password is…” and then you would need to specify that password in order to connect to the hotspot. It is a minor inconvenience for a very significant level of additional security.

Unfortunately, Starbucks and all of the other open Wi-Fi hotspot providers in the world know that anything that isn’t as simple as possible is going to give them customer service issues and the baristas just aren’t going to be prepared when someone asks for help.

So, that’s the issue. It is definitely much more secure to have the WPA2 connection with a publicly posted password than to have a completely open Wi-Fi hotspot.


Leo

Posted: October 30, 2014 in: Wireless Networking
Shortlink: https://askleo.com/6409


Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips.

7 comments on “Does Having a Publicly Visible Wi-Fi Password Add Security Compared to an Open Wi-Fi Hotspot?”

  1. All they would have to do is use a password as simple as “starbucks” in all of their stores. It’s probably easier than the login screens they use now, although I think the login screen is necessary to cover the legal issues.

    The “login” page, which isn’t really logging you in, has nothing to do with security. It’s more about legalese protecting the establishment from your behavior than anything else. The password I’m talking about would be required to even connect to the hotspot, which would naturally increase the support burden as many people don’t get that.

    Leo
    23-Apr-2013
  2. One of the reasons for the login screen is because the user is supposed to read an acceptable use policy.

    You did read the fine print, right?

  3. Even though the password that you use is the same for everybody, each individual connection between a computer and a hotspot uses a different encryption key.

    Doesn’t this mean that, during the initial connection, there must be some sort of handshake between your computer and the access point, in order to establish what this “different encryption key” is? Theoretically, couldn’t someone eavesdrop on that handshake, and determine that other system’s key?

    It’s actually a fairly complex process, but it does at one point involve asymmetrical encryption to then pass a symmetrical encryption key. It’s been a while since I looked at it, but it’s pretty slick. With asymmetrical encryption you can pass one key in the clear but you still don’t have enough to decrypt what was encrypted using that key. Think public-key encryption.

    Leo
    23-Apr-2013
  4. @Ken B
    The handshake is a simple passing of the encryption keys between computers. The decryption keys remain on the original computer on which the key pair was created.

  5. Starbucks’ only goal is to sell you coffee and food. They are not an ISP, so they may not care about WiFi security for their customers.

    • In a way, Starbucks is an ISP. They provide Internet service (the definition of ISP). And that Internet service is one of the reasons many people go to Starbucks. Any company interested in selling their product would be interested in protecting their customers’ security. I agree with Leo’s hypothesis that requiring a password would confuse a few customers and end up costing their employees a lot of time, and they probably would provide a password if feasible.

  6. Hi
    Some months ago I was told by my son that I should always set my Wi-Fi connection to “public”, even if it was my own Wi-Fi at home. He explained that setting it to “public” reduced the access from other devices on the same network, and for most people there was no reason not to set it to public.

    As you have covered the aspects of security in general, I thought that this would interest you – and look forward to your comment in a newsletter.

    A.Karbek

