While Wi-Fi may be everywhere these days, not all Wi-Fi is created equally. It is important to understand how to set up and access secure Wi-Fi for use at home, school and in public places. A safe configuration is one where your data will remain private and protected when transmitted wirelessly. This page will deal with Wi-Fi in 3 places:
- At The Ohio State University
- At home
- In public places (restaurants, public libraries, car dealerships, etc.).
Then, read on to learn the basics of Wi-Fi encryption and why strong passwords are so imporant!
Using Wi-Fi at Ohio State
Ohio State provides wireless network services for Ohio State students, faculty, staff and guests.
For students, faculty and staff:
- eduroam: Secure Wi-Fi for students, faculty and staff at Ohio State and other participating universities around the globe
- Registered4OSU: Secure Wi-Fi for students, faculty and staff to connect media devices, game consoles, printers, TVs, and other devices.
For guests on campus:
- WiFi@OSU: Open Wi-Fi for guests and visitors to the university.
Venue Wi-Fi networks, for all visitors to the Ohio Stadium, the Schottenstein Center and the Covelli Center Arena:
- osuPasspoint: Secure Wi-Fi for Verizon cellular devices
- osuFanWiFi: Open Wi-Fi for fans and guests
Read more about wireless access at Ohio State at wireless.osu.edu.
Using Public Wi-Fi
Picture this: You begin to settle into a hot beverage and homework at your favorite coffee shop. Without even thinking, you connect to the shop’s free, open Wi-Fi and begin to study. Suddenly, you remember that you have to pay your utility bill. You mosey over to the bank’s webpage and sign in to check your account’s funds. Then you post the payment by entering your debit card into the utility company’s payment process page.
You've just made yourself vunerable to an attacker who can now access your banking details, and you suddenly no longer have funds for that utility bill. How “free” is that Wi-Fi now?
Public Wi-Fi is a “free wireless” internet connection that is usually advertised by coffee shops, restaurants, airports, hotels and many other places that usually involve travel, hospitality and food. Public Wi-Fi is either secured or unsecured.
Secured public Wi-Fi:
- Requires password to use
- Encrypted so that outsiders won’t be able to intercept data
- Is the better option
Unsecured public Wi-Fi:
- Does not require a password
- Unencrypted so that outsiders may see, or “sniff” data
- Susceptible to attacks/may be an elaborate ruse
Public Wi-Fi usually does not require a password and offers no protections to their users. They are also easy to “clone” and create a rogue Wi-Fi access point. A rogue Wi-Fi access point is Wi-Fi that pretends to be legitimate, but is controlled by someone who wants to steal your data. There is no assurance that your data is private while using a public Wi-Fi.
Public Wi-Fi is susceptible to Man-in-the-Middle (MitM) attacks. This is where an attacker can sit between you and the Wi-Fi access point, intercepting all the data that is sent and received. These malicious actors can “sniff” out passwords, account numbers, credit card numbers, etc.
In public spaces, we don’t recommend users connect to public Wi-Fi access points unless they are trusted and managed appropriately. Instead consider using something like a personal cellphone or cellular hotspot. This ensures that your data is protected through your carrier and that there are no third parties intercepting your data. If you have no choice but to use public Wi-Fi, you can mitigate risks by:
- Always choosing secured public Wi-Fi over unsecured
- Use a Virtual Private Network (VPN) to protect your privacy
- Avoiding logging into password protected sites (such as banking, social media, school, etc.)
- Avoiding shopping online
- Turning off automatic connectivity on your device
Using Wi-Fi at Home
Setting up secure Wi-Fi at home is easy. The first step is to change the default administrator password, which is usually not very strong.
It is also extremely important that you choose a secure encryption protocol. Encryption protocols are what protect your password, keys, data and all other types of information sent over the wireless connection. We strongly recommend using WPA-3 (Wi-Fi Protected Access III) where possible, using WPA-2 (Wi-Fi Protected Access II), and disabling WPS (Wi-Fi Protected Setup).
At home, we recommend that users:
- Avoid using a router’s default admin password.
- Create a strong, unique password for the Wi-Fi connection.
- Use a Virtual Private Network (VPN) when working remote.
- Disable Wi-Fi Protected Setup (WPS).
- Use the best/latest encryption available.
- Keep the router’s firmware updated (turn auto-updates if available).
Wi-Fi Encryption: Simplified
Wi-Fi encryption is what keeps your data safe. Encryption, through algorithms and complicated mathematics, is the method to code plaintext data into unintelligible gibberish (known as cipher text) that is:
- Reversible by only the intended recipient and
- Completely secure (ideally); it is at least more secure than unencrypted data.
Encryption keeps people from reading plaintext data and helps ensure that your data is not seen by unauthorized outsiders. Examples of plaintext data include:
- Credit card numbers
- Pretty much anything you’d wish to protect
When using Wi-Fi, use the strongest encryption available. Currently, WPA3 is the strongest encryption available, but only on some late-model routers. On the rest, WPA2 + AES (Advanced Encryption Standard) is acceptible, and we recommend using it. The rankings of encryption based on strength are as follows:
- WPA3 (Strongest!)
- WPA2 + AES
- WPA2 + AES/TKIP (Temporal Key Integrity Protocol) (TKIP is used when AES cannot be used)
- WPA2 + TKIP (TKIP is used when AES cannot be used)
- WPA + TKIP
- WEP (Wired Equivalent Privacy) (WEP is little better than completely unsecured)
Wi-Fi passwords are important, too!
Wi-Fi passwords are a pre-shared key (PSK) that ensures the privacy and protection of your data and internet connection.
Your Wi-Fi password is important to ensure that the data flowing to and from your internet connection is secure from outsiders. It also ensures that your internet connection is private; you wouldn’t want a stranger using your internet connection!
If your Wi-Fi is not password protected or if your password is weak, a stranger can connect to your Wi-Fi router and use your internet connection, potentially even to conduct illegal activities. If this were to happen, the authorities would knock on your door to ask questions.
1. Have a password.
This may be hard to believe, but many people still insist on not securing their own Wi-Fi at home. The first step to defending your data and internet connection is to set up any type of defense at all.
2. Have a strong password.
Password cracking is literally a science. A password that is difficult to guess (through social engineering and open-source intelligence gathering) and also difficult to brute force (by being long enough and relatively complex) is a strong password.
We recommend your password:
- Is at least 8 characters long
- Is a mix of capital and lowercase letters, numbers and symbols.
- Avoids using common dictionary words such as “football” or “password”. Check the most common passwords to avoid.
- Cycles, or changes, every 90-180 days (Ohio State’s standard is to cycle passwords, at minimum, in 180-day increments.)
Please note: Many routers are shipped with default passwords such as “admin” or “password.” It is important to change these defaults as soon as possible. Manufacturer specifications, including default passwords, are freely available on the internet. We recommend changing both factory passwords and the factory SSID (Service Set Identifier, or the Wi-Fi “name” that pops up when scanning for available Wi-Fi).
Also, some new routers are shipping with complex, unique passwords. It is still a good idea to change these as well as the SSID. Consult your user manual or internet service provider (ISP) to get directions on how to change your password.