Posts Tagged ‘passwords’

Lock up that wireless

Thursday, May 15th, 2008

I am a regular listener to the Clark Howard show.  He is a consumer advocate with a daily radio program.  You can listen to him locally on KCMX 880 AM or do as I do and download his podcast through iTunes or directly from his site.

A couple of weeks ago he had a caller who was curious about whether she should drop her Verizon broadband service in favor of this free “Linksys” one that she had access to which appeared to be much faster.  As I gathered from her call, she was using Verizon’s cellular-based broadband service and not DSL or FiOS.  The Linksys network was a neighbor of hers who hadn’t changed any of the settings on the router and just plugged it in.

In my travels, I would say that at least a third of the people who buy a broadband router will never customize any of the settings.  I’ve even noticed similar issues with the DSL or cable modem products which include wireless functionality (although this is beginning to change with the defaults having some form of security included).

One of the reasons why Clark told this caller to not use the free wireless that she could use was that she was at risk of having her user names and passwords to banks and other financial institutions skimmed while on an open network.  In general, this is not true as your bank will have an encrypted browsing session that goes directly between your computer and the bank so that nothing in between can capture that information.  Some reality, though, is that most people use the same user name and password for all sites they log in to and not all of them set up a similar amount of encryption.  It would then be trivial for a bad person to see where you were going and just try to use the credentials from a site which didn’t encrypt to try to get into your bank.

Clark did touch on the idea that using someone else’s open wireless connection without permission is a gray area under the law.  Since I’m a geek and not a lawyer, I’ll echo that sentiment.  However, if you own such an open network, you may be subject to whatever bad things these unknown users may do while using your internet connection.  I’ll go so far as to say that I’m very sure that the biggest risk you have with owning an open wireless connection is not that someone will steal your information as you attempt to use the internet but that the unknown user or users could do almost anything using your connection and your ISP, the police, or some lawyer could come after you as a result.

Whenever I am called to install a wireless network, I will ask three questions so as to lock down the network.  The first is the name of the wireless network.  All wireless networks have what’s called the SSID or Service Set Identifier.  Each wireless network in an area should have a different name, but if you have more than one wireless access point on a single network, they should all have the same name.  So, your wireless network name should be different than what your neighbors may use.  I usually recommend against using anything related to your name or address.  I’ve used words on a poster in the room to names of former pets.  What you name it doesn’t really matter at that point.

The second question is always the password for the network.  This is the encryption and security portion of your wireless.  I will always set the highest level of encryption that all the equipment (your router, computers, and anything else that may connect) will support.  The password will need to be at least eight characters long and should not be the same as anything you may use for anything else.   Why?  What if you have guests over that want to use your network?  Maybe you want to be stingy and not let anyone else in (and I won’t fault you for that).  If you’re more accommodating, you certainly don’t want to give your guests the same keys that would unlock your e-mail and bank accounts.

The third question will be for the password of the router or access point.  It’s okay for this to be the same as others (although I’d recommend keeping all your passwords for every account different, but that’s a different article) since the only time you’d be using it is to change the settings on the router.  How often will you need to do that?  Generally, almost never.  Once set, you’d usually only need to change these if you want to change the passwords or if you changed internet providers.  Another good reason is if you want to restrict which computers can get on the internet at any given time (e.g. your children’s computers).

Care to do it yourself?  By all means.  All of these routers will come with a manual or some easy to use software to get you going.  Otherwise, you can call me, give the answers to the three questions, and I’ll take care of it.