Wi-Fi is everywhere, but not all Wi-Fi is created equally secure. This page will deal with Wi-Fi in 3 places:
- At The Ohio State University
- At home
- In public places (restaurants, public libraries, car dealerships, etc.).
Be sure to keep reading to learn the basics of Wi-Fi encryption and why strong passwords are so imporant.
Using Wi-Fi at Ohio State
Ohio State provides wireless network services for Ohio State students, faculty, staff and guests.
- Osuwireless: Secure Wi-Fi to be used by students, faculty, and staff
- WiFi@OSU: open Wi-Fi network for guests and visitors
- eduroam: Secure Wi-Fi network that can be used by students and staff at Ohio State when they travel to other participating universities
It is important to understand how to set up Wi-Fi for use at home, at school, and in public places. A safe configuration is one where your data will remain private and protected when transmitted wirelessly. Ohio State provides a safe configuration for osuwireless that can be used by all students, faculty and staff.
Ohio State users should use the encrypted Wi-Fi, osuwireless, if possible. This network requires users to sign in with their university username and password.
Using Public Wi-Fi
At your favorite coffee shop (where he/she who controls the pumpkin spice controls the universe), you begin to settle into your hot beverage and homework. Without even thinking, you connect to the shop’s free, open Wi-Fi and begin to study. Suddenly, you remember that you have to pay your utility bill (not a big deal, since these days we can pay for everything online). You mosey over to the bank’s webpage and sign in to check your account’s funds. Then you finally post the payment by entering your debit card into the utility company’s payment process page.
You've just made yourself vunerable to an attacker who can now access your banking details, and you suddenly no longer have funds for that utility bill. How “free” is that Wi-Fi now?
Public Wi-Fi is a “free wireless” internet connection that is usually advertised by coffee shops, restaurants, airports, hotels and many other places that usually involve travel, hospitality, and food. Public Wi-Fi is either secured or unsecured.
Secured public Wi-Fi:
- Requires password to use
- Encrypted so that outsiders won’t be able to intercept data
- Is the better option
Unsecured public Wi-Fi:
- Does not require a password
- Unencrypted so that outsiders may see, or “sniff” data
- Susceptible to attacks/may be an elaborate ruse
Public Wi-Fi usually does not require a password and offers no protections to their users (seriously, do you ever read those disclaimers?). They are also easy to “clone” and create a rogue Wi-Fi access point. A rogue Wi-Fi access point is Wi-Fi that pretends to be legitimate, but is controlled by someone who wants to steal your data. There is no assurance that your data is private while using a public Wi-Fi.
Public Wi-Fi is susceptible to Man-in-the-Middle (MitM) attacks. This is where an attacker can sit between you and the Wi-Fi access point, intercepting all the data that is sent and received. These malicious actors can “sniff” out passwords, account numbers, credit card numbers, etc.
In a public space, we don’t recommend users connecting to public Wi-Fi access points unless they are trusted and managed appropriately (such as osuwireless, which is secure and only available to the university community). Instead, please consider using something like a personal cellphone or cellular hotspot. This ensures that your data is protected through your carrier and that there are no third parties intercepting your data. If you have no choice but to use public Wi-Fi, we recommend these mitigating actions when using public Wi-Fi:
- Always choose secured public Wi-Fi over unsecured.
- Use a Virtual Private Network (VPN) to protect your privacy
- Don’t log into password protected sites (such as banking, social media, school, etc.)
- Don’t shop online
- Turn off automatic connectivity on your device
But the bottom line is in a public space, we don’t recommend users connecting to public Wi-Fi access points unless they are trusted and managed appropriately
Using Wi-Fi at Home
Setting up secure Wi-Fi at home is easy. The first step is to change the default administrator password, which is usually not very strong.
It is also extremely important that you choose a secure encryption protocol. Encryption protocols are what protect your password, keys, data and all other types of information sent over the wireless connection. We strongly recommend using WPA-2 (Wi-Fi Protected Access II) and disabling WPS (Wi-Fi Protected Setup).
At home, we recommend that users:
- Avoid using a router’s default admin password.
- Create a strong, unique password for the Wi-Fi connection.
- Use a Virtual Private Network (VPN) when working remote.
- Disable Wi-Fi Protected Setup (WPS).
- Use the best/latest encryption available.
- Keep the router’s firmware updated (turn auto-updates if available).
Wi-Fi Encryption: Simplified
Wi-Fi encryption is what keeps your data safe. Encryption, through algorithms and complicated mathematics, is the method to code plaintext data into unintelligible gibberish (known as cipher text) that is:
- Reversible by only the intended recipient and
- Completely secure (ideally); almost certainly more secure than unencrypted data.
To encrypt literally means to “put into a tomb” (that is designed to prevent intrusion/looting unless your name is Indiana Jones).
Encryption keeps people from reading plaintext data and helps ensure that your data is not seen by unauthorized outsiders. Examples of plaintext data include:
- Credit Card numbers
- Pretty much anything you’d wish to protect
Cryptography can be a very complex subject. This example is a very simplified explanation of what cryptography does. Imagine writing a saucy letter to a love interest. You don’t want anybody else to know the content of the letter, so you devise a method to write a secret code in a way that the other person can undo and read intelligibly. This method is not shared with anybody else (think of this as your Wi-Fi Password). The purpose is to be able to communicate without allowing outsiders to decode and understand the details of the letter.
When using Wi-Fi, use the strongest encryption available. Currently, WPA2 + AES is the strongest encryption available on most routers, and we recommend using it. The rankings of encryptions based on strength are as follows:
- WPA2 + AES (Strongest!)
- WPA2 + AES/TKIP (TKIP is used when AES cannot be used)
- WPA2 + TKIP (TKIP is used when AES cannot be used)
- WPA + TKIP
- WEP (WEP is little better than completely unsecured)
Wi-Fi passwords are important, too!
The Wi-Fi password is a pre-shared key (PSK) that ensures the privacy and protection of your data and internet connection.
Your Wi-Fi password is important to ensure that the data flowing to and from your internet connection is secure from outsiders. It also ensures that your internet connection is private; you wouldn’t want a stranger using your internet connection!
If your Wi-Fi is not password protected or if your password is weak, a stranger can connect to your Wi-Fi router and use your internet connection, potentially even to conduct illegal activities. If this were to happen the authorities would knock on your door to ask questions.
1. Have a password.
This may be hard to believe, but many people still insist on not securing their own Wi-Fi at home. The first step to defending your data and internet connection is to set up any type of defense at all.
2. Have a strong password.
Password cracking is literally a science. A password that is difficult to guess (through social engineering and open-source intelligence gathering) and also difficult to brute force (by being long enough and relatively complex) is a strong password.
Ohio State recommends:
- At least 8 characters long
- A mix of CAPITALS, lowercase, numb3r5, and $ymbol$.
- To avoid using common dictionary words such as “football” or “password”. Check the most common passwords to avoid.
- Cycling passwords every 90-180 days (Ohio State’s standard is to cycle passwords at minimum, in 180-day increments.)
Please note: Many routers are shipped with default passwords such as “admin” or “password.” It is important to change these defaults as soon as possible. Manufacturer specifications, including default passwords, are freely available on the internet. We recommend changing both factory passwords and the factory SSID (Service Set Identifier, or the Wi-Fi “name” that pops up when scanning for available Wi-Fi).
Also, some new routers are shipping with complex, unique passwords. It is still a good idea to change these as well as the SSID. Consult your user manual or ISP to get directions on how to change your password.