Editing Wi-Fi (section)

=== Securing methods ===
A common measure to deter unauthorized users involves hiding the access point's name by disabling the SSID broadcast. While effective against the casual user, it is ineffective as a security method because the SSID is broadcast in the clear in response to a client SSID query. Another method is to only allow computers with known MAC addresses to join the network,<ref>
{{cite web
 |url         = http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm#_Toc77524658
 |title       = Hacking Techniques in Wireless Networks
 |last        = Mateti
 |first       = Prabhaker
 |year        = 2005
 |publisher   = [[Wright State University]] Department of Computer Science and Engineering
 |location    = Dayton, Ohio
 |archive-url  = https://web.archive.org/web/20100305180937/http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm#_Toc77524658
 |archive-date = 5 March 2010
 |url-status  = live
 |access-date  = 28 February 2010
}}</ref> but determined eavesdroppers may be able to join the network by [[MAC spoofing|spoofing]] an authorized address.

[[Wired Equivalent Privacy]] (WEP) encryption was designed to protect against casual snooping but it is no longer considered secure. Tools such as [[AirSnort]] or [[Aircrack-ng]] can quickly recover WEP encryption keys.<ref>{{cite web|url=http://www.wirelessve.org/entries/show/WVE-2005-0020|title=Wireless Vulnerabilities & Exploits|last1=Hegerle|first1=Blake|last2=snax|date=17 August 2001|publisher=wirelessve.org|archive-url=https://archive.today/20060919203035/http://www.wirelessve.org/entries/show/WVE-2005-0020|archive-date=19 September 2006|url-status=dead|access-date=15 April 2008|last3=Bruestle|first3=Jeremy}}</ref> Because of WEP's weakness the Wi-Fi Alliance approved Wi-Fi Protected Access (WPA) which uses [[Temporal Key Integrity Protocol|TKIP]]. WPA was specifically designed to work with older equipment usually through a firmware upgrade. Though more secure than WEP, WPA has known vulnerabilities.

The more secure [[WPA2]] using [[Advanced Encryption Standard]] was introduced in 2004 and is supported by most new Wi-Fi devices. WPA2 is fully compatible with WPA.<ref name="wpa2-mandatory">{{cite web|url=http://www.wi-fi.org/news_articles.php?f=media_news&news_id=16|title=WPA2 Security Now Mandatory for Wi-Fi CERTIFIED Products|date=13 March 2006|work=[[Wi-Fi Alliance]]|archive-url=https://web.archive.org/web/20110807093143/http://www.wi-fi.org/news_articles.php?f=media_news&news_id=16|archive-date=7 August 2011|url-status=dead}}</ref> In 2017, a flaw in the WPA2 protocol was discovered, allowing a key replay attack, known as [[KRACK]].<ref>{{cite web|url=https://www.krackattacks.com/|title=Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse|last=Vanhoef|first=Mathy|date=2017|archive-url=https://web.archive.org/web/20171022022042/https://www.krackattacks.com/|archive-date=22 October 2017|url-status=live|access-date=21 October 2017}}</ref><ref>{{cite web|url=https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/|title=Serious flaw in WPA2 protocol lets attackers intercept passwords and much more|last=Goodin|first=Dan|date=16 October 2017|website=[[Ars Technica]]|archive-url=https://web.archive.org/web/20171021121658/https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/|archive-date=21 October 2017|url-status=live|access-date=21 October 2017}}</ref>

[[File:QR code Wi-Fi.svg|thumb|upright=0.63|A [[QR code]] to automate a Wi-Fi connection using ''WIFI:S:Wikipedia;T:WPA;P:Password1!;;'']]

A flaw in a feature added to Wi-Fi in 2007, called [[Wi-Fi Protected Setup]] (WPS), let WPA and WPA2 security be bypassed. The only remedy {{as of|2011|lc=on}} was to turn off Wi-Fi Protected Setup,<ref>{{cite web |url=http://www.kb.cert.org/vuls/id/723755 |title=CERT/CC Vulnerability Note VU#723755 |access-date=1 January 2012 |url-status=live |archive-url=https://web.archive.org/web/20120103152902/http://www.kb.cert.org/vuls/id/723755 |archive-date=3 January 2012 }} [[US CERT]] Vulnerability Note VU#723755</ref> which is not always possible.

[[Virtual private network]]s can be used to improve the confidentiality of data carried through Wi-Fi networks, especially public Wi-Fi networks.<ref>{{Cite web|url=https://www.consumer.ftc.gov/articles/0014-tips-using-public-wi-fi-networks#protect|title=Tips for Using Public Wi-Fi Networks|author=Federal Trade Commission|date=March 2014|website=Federal Trade Commission – Consumer Information|access-date=8 August 2019|archive-date=9 August 2019|archive-url=https://web.archive.org/web/20190809122844/https://www.consumer.ftc.gov/articles/0014-tips-using-public-wi-fi-networks#protect|url-status=live}}</ref>

A [[URI]] using the WIFI scheme can specify the SSID, encryption type, password/passphrase, and if the SSID is hidden or not, so users can follow links from [[QR code]]s, for instance, to join networks without having to manually enter the data.<ref>{{cite web|title=Share your Wi-Fi SSID & Password using a QR Code|url=http://www.technostarry.com/share-wi-fi-details-using-qr-code/|date=19 July 2015|access-date=28 July 2021|archive-date=12 January 2023|archive-url=https://web.archive.org/web/20230112193217/http://www.technostarry.com/share-wi-fi-details-using-qr-code/|url-status=live}}</ref> A [[MeCard (QR code)|MeCard]]-like format is supported by Android and iOS 11+.<ref>{{cite web |title=zxing documentation: barcode contents |url=https://github.com/zxing/zxing/wiki/Barcode-Contents |website=GitHub |publisher=zxing |language=en |access-date=28 July 2021 |archive-date=15 February 2016 |archive-url=https://web.archive.org/web/20160215201205/https://github.com/zxing/zxing/wiki/Barcode-Contents |url-status=live }}</ref>

* Common format: <code>WIFI:S:<SSID>;T:<WEP|WPA|blank>;P:<PASSWORD>;H:<true|false|blank>;</code>
* Sample <code>WIFI:S:MySSID;T:WPA;P:MyPassW0rd;;</code>