Your Wi-Fi Encryption Key is Easily Cracked

If you are running a wireless network in your home or business, the days of running an open and unsecured wireless access point are over.  You just open yourself up to way too much mischief and malicious activity by running an unsecured network.  If you are still using WEP encryption, you need to move off of WEP and on to WPA or WPA2 encryption. 

I read an article on Ars Technica that goes into more detail on the methods someone could use to crack your easy password and gain access to even a correctly secured wireless network.  For details, click through the link.

What am I talking about exactly?  Wireless access points and wireless network cards in our laptops, smartphones, printers, and TVs set up a radio connection to communicate and exchange information.  As with all radio communications, anyone with the right radio receiving equipment can listen in on your transmission.  An access point that does not require a password to connect, such as you will find in a coffee shop or other public location, is not secure.  All of the traffic is sent and received in PLAIN TEXT, which means your user IDs, passwords, and credit card numbers can be easily intercepted by anyone near enough to receive the signal on a laptop with the right software installed.

imagePublic Wi-Fi where you are required to log on to a special web page with your email address and accept their Terms of Service does not set up an encrypted session.  In the example to the right, you can see the different types of networks.  The circled connection is encrypted, the Guest network below it is not.  Notice the yellow shield next to the unsecured network?  The third network is an unsecured ad-hoc (computer to computer) network that is set up automatically by some HP laptops.  NEVER connect to one of these ad-hoc networks.

Back to our original topic.  Your home and business Wi-Fi networks need to be secured with a WPA2 encryption key.  The password you choose to set up your secure wireless network will become the encryption key for your network.  As before, make them long and difficult, and not easy to guess.  Long means at least 10 characters.  Avoid the temptation of using 1234567890 or your phone number (another easy to guess 10 digit number) as the passcode.  Use something with upper and lower case letters, numbers, and a symbol or two.

Even if you have done your job correctly, a determined cyber-criminal could still break into your wireless network.  You may want to consult with a computer security professional and have them survey your network environment and set up other controls to keep your network and data secure.  Please contact us for our recommendations, if you like. 

As always – be careful out there!


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.