Why it is time to rethink Wi-Fi security


Can I have your Wi-Fi password? If you’re someone like me, you’ve asked this question many times. Not only in coffee shops, but also while visiting homes of friends and relatives. And if your friends and family are anything like mine, they probably started to hunt for that three-year-old Post-It note, or tried to spell out a cryptic letters-and-numbers password that was impossible to type with your smart phone’s onscreen keyboard.

Lately, I’ve been thinking there has to be a better way.

The reason that I’ve been wondering about the future of Wi-Fi security is that I’ve come to realize that the home network is increasingly not just about access to the internet, but about social interaction and collective media consumption.

Take Chromecast, for example. Google’s (S GOOG) TV dongle is great for watching YouTube videos with your friends, who can use YouTube’s iOS and Android apps to queue up clips together and then beam them to the TV screen. It’s like one big, happy YouTube party — but it only works if everyone is on the same Wi-Fi network.

Chances are, that scenario won’t be the only one that requires you to share your Wi-Fi access with your friends for long. Pandora CTO Tom Conrad told me earlier this week that he would love to bring real-life social interaction to Pandora’s apps. This would enable Pandora to automatically mix a station based on who’s in the room and listening together, but it would once again require people to log into the same network as a kind of near-field authentication.

Router makers are completely unprepared for this kind of scenario. A few vendors have started to add guest networks to their consumer routers, but these are typically fenced off from your regular network, making any kind of device-to-device interaction impossible.

A handful of developers have started to fill the void with some clever apps that promise to make it easier to share the password of your Wi-Fi network. Some rely on QR codes, others even make it possible to share it with select friends on Facebook. But these solutions are generally still too cumbersome, and some have inherent security risks. Do you really want to save your Wi-Fi password in the cloud?

What we need instead is a different approach to Wi-Fi security: An acknowledgement that not all devices in a home network are created equal, and that some should have the power, as well as the tools, to easily grant temporary access to others.

What I want on my phone is an app that tells my router to open up the gates for my friend’s phone, with some level of basic session-based authentication. Think NFC, a simple six-digit code, or even audio. And once that device leaves the network for a predetermined amount of time, authentication is revoked.

Some of you may say that this doesn’t sound very secure, but I would argue that the status quo is just as unsafe: Consumers end up giving their password out without ever changing it, and possibly even opt for less secure but easier-to-type and easier-to-remember passwords simply because they don’t want to hunt for that Post-It note anymore.

Or, even worse, they don’t share their network at all — and become YouTube party poopers.

Image courtesy of Shutterstock user  Sputanski.


Massimo Ciociola

Wiman.me has a super awesome way to connect to wifi: social login.


A bit of public key cryptography, SAML, support for managing access point access from mobile device and other wifi clients… Yes. Absolutely. Key exchange locally from device to device, authorized client adds a new guest user – or a new permanent user – sets a profile, possibly expiration date… It could be a device key or a personal key, so that you could authenticate your friends all devices at once – or authenticate a laptop to access your wifi, using NFC on your and your friends mobile.

Standards are needed. A preferred way of implementing this has to happen – it’s not nearly enough to make this work on one platform. It has to be platform independent solution. Anything like this already in place in enterprises, universities etc?


I can’t believe I read this on a site like this. This is WPS, I have a physical button on my router or a virtual button on an app. When I click this every modern Windows and Android device will connect.

It also supports NFC, as you can read on Wikipedia for WPS.


I don’t see why a NFC tag inside your house wouldn’t be secure.

Janko Roettgers

The security risks I alluded to have more to do with storing your password in the cloud, sharing it online etc. One could of course argue that any method that relies on permanent or rarely-changed passwords – be it an NFC tag or just a password you tell your friends – is insecure. Session-based passwords are just a lot more secure.


Thanks. BTW, on your other point about the guest networks of some routers, I think that’s a good thing that the devices cannot interact. But then, I don’t even allow my own devices to interact! My router is set up so that the wireless devices cannot see each other, and even the stationary devices sitting close to the router are connected via WiFi.


where have you been the last 10+ years?
the industry wants you to have a separate account and internet connections for each device so they can rip off and track you better…
the gov. spys want you to have a separate account and internet connection for each individual so they can spy you easier…
they even invented ipv6 for just that and claim there is no space left in the universe.

Comments are closed.