WPA2 with a strong password is secure as long as you disable WPS. You’ll find this advice in guides to securing your Wi-Fi all over the web. Wi-Fi Protected Setup was a nice idea, but using it is a mistake.
Your router probably supports WPS and it’s likely enabled by default. Like UPnP, this is an insecure feature that makes your wireless network more vulnerable to attack.
What is Wi-Fi Protected Setup?
RELATED: The Difference Between WEP, WPA, and WPA2 Wi-Fi Passwords
Most home users should be using WPA2-Personal, also known as WPA2-PSK. The “PSK” stands for “pre-shared key.” You set up a wireless passphrase on your router and then provide that same passphrase on each device you connect to your WI-Fi network. This essentially gives you a password that protects your Wi-FI network from unauthorized access. The router derives an encryption key from your passphrase, which it uses to encrypt your wireless network traffic to ensure people without the key can’t eavesdrop on it.
This can be a bit inconvenient, as you have to enter your passphrase on each new device you connect. Wi-FI Protected Setup (WPS), was created to solve this problem. When you connect to a router with WPS enabled, you’ll see a message saying you can use an easier way to connect rather than entering your Wi-Fi passphrase.
Why Wi-Fi Protected Setup Is Insecure
There are several different ways to implement Wi-Fi protected setup:
PIN: The router has a eight-digit PIN that you need to enter on your devices to connect. Rather than check the entire eight-digit PIN at once, the router checks the first four digits separately from the last four digits. This makes WPS PINs very easy to “brute force” by guessing different combinations. There are only 11,000 possible four-digit codes, and once the brute force software gets the first four digits right, the attacker can move on to the rest of the digits. Many consumer routers don’t time out after a wrong WPS PIN is provided, allowing attackers to guess over and over again. A WPS PIN can be brute-forced in about a day. [Source] Anyone can use software named “Reaver” to crack a WPS PIN.
Push-Button-Connect: Instead of entering a PIN or passphrase, you can simply push a physical button on the router after trying to connect. (The button may also be a software button on a setup screen.) This is more secure, as devices can only connect with this method for a few minutes after the button is pressed or after a single devices connects. It won’t be active and available to exploit all the time, as a WPS PIN is. Push-button-connect seems largely secure, with the only vulnerability being that anyone with physical access to the router could push the button and connect, even if they didn’t know the Wi-Fi passphrase.
PIN is Mandatory
While push-button-connect is arguably secure, the PIN authentication method is the mandatory, baseline method that all certified WPS devices must support. That’s right — the WPS specification mandates that devices must implement the most insecure method of authentication.
Router manufacturers can’t fix this security problem because the WPS specification calls for the insecure method of checking PINs. Any device implementing Wi-FI Protected Setup in compliance with the specification will be vulnerable. The specification itself is no good.
Can You Disable WPS?
There are several different types of routers out there.
- Some routers don’t allow you to disable WPS, providing no option in their configuration interfaces to do so.
- Some routers provide an option to disable WPS, but this option does nothing and WPS is still enabled without your knowledge. In 2012, this flaw was found on “every Linksys and Cisco Valet wireless access point… tested.” [Source]
- Some routers will allow you to either disable or enable WPS, offering no choice of authentication methods.
- Some routers will allow you to disable PIN-based WPS authentication while still using push-button authentication.
- Some routers don’t support WPS at all. These are probably the most secure.
How to Disable WPS
RELATED: Is UPnP a Security Risk?
If your router allows you to disable WPS, you’ll likely find this option under Wi-FI Protected Setup or WPS in its web-based configuration interface.
You should at least disable the PIN-based authentication option. On many devices, you’ll only be able to choose whether to enable or disable WPS. Choose to disable WPS if that’s the only choice you can make.
We’d be a bit worried about leaving WPS enabled, even if the PIN option appears to be disabled. Given the terrible record of router manufacturers when it comes to WPS and other insecure features like UPnP, isn’t it possible that some WPS implementations would continue to make PIN-based authentication available even when it appeared to be disabled?
Sure, you could theoretically be secure with WPS enabled as long as PIN-based authentication was disabled, but why take the risk? All WPS really does is allow you to connect to Wi-Fi more easily. If you create a passphrase you can easily remember, you should be able to connect just as fast. And this is only an issue the first time — once you’ve connected a device once, you shouldn’t have to do it again. WPS is awfully risky for a feature that offers such a small benefit.
Image Credit: Jeff Keyzer on Flickr
FAQs
Impact. An attacker within radio range can brute-force the WPS PIN for a vulnerable access point. The attacker can then obtain WEP or WPA passwords and likely gain access to the Wi-Fi network. Once on the network, the attacker can monitor traffic and mount further attacks.
Should WPS be enabled or disabled? ›
WPS is a convenient way to connect your devices to your router, but it can pose a security risk. It's a good idea to turn off WPS functionality once all your devices are connected and allow guests to connect via a guest network so your private devices stay safe.
What is Wi-Fi Protected Setup WPS used for? ›
Wi-Fi Protected Setup (WPS) is a feature supplied with many routers. It is designed to make the process of connecting to a secure wireless network from a computer or other device easier.
What is a reason to turn off WPS code capabilities? ›
Wireless networks with WPS enabled are highly vulnerable to cybersecurity threats. Attackers can easily target the WPS function to steal network passwords, regardless of how complex the password is.
Can I turn off WPS on my router? ›
Learn how to configure your router to disable Wi-Fi Protected Setup or WPS of router in your Home Network.
- Using your device, open a web browser, then log in to the Admin console of your home router. ...
- Click Advance Setup, then select Wireless Settings.
- Under Wi-Fi Protected Setup settings, tick the Disable Router's PIN.
This is why we disable WPS. Once disabled, you'll need to use the conventional password method to add additional devices to your wi-fi network (less convenient) but your router will no longer be vulnerable to a WPS attack (more secure).
Is WPS a security risk? ›
Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute-force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.
Is it safe to enable WPS? ›
Is WPS Secure? Although it's convenient and easy to use, WPS suffers from security flaws. The biggest problem is that it exposes all of your connected to wireless devices. If your a hacker is able to access your router, he or she will then have unrestricted access to all your connected devices.
What happens if I press WPS on my Wi-Fi? ›
The WPS button simplifies the connection process
Press the WPS button on your router to turn on the discovery of new devices. Then, go to your device and select the network you want to connect to. The device is automatically connected to the wireless network without having to enter the network password.
Why is WPS needed? ›
Advantage of a WPS
A Welding Procedure Specification is essential for every welding company to have because it maintains quality standards across every weld. It isn't just a nice guide to follow. Under various Australian and international standards (eg. ISO 15612, ISO 15609), a WPS is required to ensure a stable weld.
WPS makes it easier and a bit quicker. There are some different ways to do it. First of all, WPS can be a workaround for connecting to Wi-Fi without a password. To do so, you should hit the WPS button on your router to enable device detection.
What happens when you turn off your WIFI router? ›
'Your Wi-Fi router doesn't require rest like other devices. It is designed to be working 24/7 and that's every single day of the year. Whenever you turn your router off, it can automatically send signals to your internet provider,' he explains.
How do I know if WPS is on or off? ›
Note: To check if your router is WPS-enabled, look for a button labeled WPS on your router or access point. If there is no hardware button, there may be a virtual WPS button in the software for the device. Check your network product documentation for details.
Does WPS slow down Wi-Fi? ›
If there are two devices on the switch seeking access to the Internet at the same time then yes, there will be some reduction in potential throughput compared to a direct connection.
What is the difference between WPS and WPA2? ›
WPA2 uses a stronger encryption technology that's immune to most forms of hacking. WPS (Wi-Fi Protected Setup) is technology designed solely to automate the initial setup of a Wi-Fi connection. WPS doesn't use encryption — and can actually bypass whatever encryption might otherwise be in use!
What are disadvantages of a WPS? ›
Disadvantages of WPS
- Devices without WPS certification is not able to take advantage of the enhanced security provided by WPS.
- Non WPS devices will require the user to enter the long hexadecimal passphrase manually.
- WPS does not supports "Ad Hoc" connection that allows devices to communicate directly with each other.
On behalf of its test users, WPS collects certain personal data from test users and their test-taking customers, whether those individuals are residents of the United States, the EU, or any other country, or when WPS is provided with test takers' personal information by test users.
Is WPS safer than a password? ›
There are also some important downsides to WPS: It's not very secure. PIN-based WPS connections seem especially vulnerable against brute-force attacks. A successful attack on WPS allows the attacker to gain access to your Wi-Fi network, and the only effective workaround is to disable WPS.
Can WPS be turned off and on? ›
Select Advanced Settings > Wireless. Choose WPS from the tab. Move the Enable WPS toggle switch to the off position.
Why should you turn Wi-Fi off at night? ›
The simple step of hitting the off switch can lead to a better night's sleep. When on, a WiFi signal may interfere with our brains during sleep, so by turning it off we reduce EMF exposure and hopefully rest more deeply.
Turning Wi-Fi off when you're not using it improves network security and frees up some bandwidth for your wired devices. Maybe you don't want to disable your Wi-Fi access completely, but would like to hide your Wi-Fi name so only people who know it have access to your Wi-Fi.
Why you should turn off your router at night? ›
Turning your WiFi router off at night drastically reduces exposure to unnecessary radiation. You'll also save energy in the process. We turn off most electrical devices at night, so why leave routers on? WiFi radiation is most likely harmful on some level, but we don't quite understand the extent of which yet.
Does WPS stay on? ›
Did the WPS process time out? The WPS light will continue to flash and the router search for devices for up to 2 minutes. If it doesn't connect successfully in that time, it will usually reset and you will need to press it again to try a new connection.
What Wi-Fi security should I use at home? ›
When choosing from among WEP, WPA, WPA2 and WPA3 wireless security protocols, experts agree WPA3 is best for Wi-Fi security. As the most up-to-date wireless encryption protocol, WPA3 is the most secure choice.
What is the disadvantage of WPA2 Wi-Fi? ›
WPA2: Advantages and Disadvantages
| Advantages | Disadvantages |
|---|
| Offers solutions for enterprises | Requires a high level of processing power, which can result in decreased network performance |
| Addresses many of WPA's security flaws | |
| Most secure option available due to its use of AES | |
Nov 25, 2022
WEP, WPA, and WPA2 are Wi-Fi security protocols that secure wireless connections. They keep your data hidden and protect your communications, while blocking hackers from your network. Generally, WPA2 is the best choice, even though it consumes more processing power to protect your network.
Should I use WPA3 or WPA2? ›
WPA3 is better than WPA2. WPA3 uses more advanced encryption technology to secure your wireless network. And the network data encryption speed is faster than WPA2. If the wireless router supports multiple wireless security protocols like WPA3, WPA2, WPA, you should use the most secure one, WPA3.
What happens when WPS is enabled? ›
Wi-Fi Protected Setup (WPS) is a feature supplied with many routers. It is designed to make the process of connecting to a secure wireless network from a computer or other device easier.
What will happen if I enable WPS button on my router? ›
The WPS button simplifies the connection process
Press the WPS button on your router to turn on the discovery of new devices. Then, go to your device and select the network you want to connect to. The device is automatically connected to the wireless network without having to enter the network password.
What is the disadvantage of WPS? ›
One of the downsides of WPS Office is it does not provide Auto Spell Correct option, so if we do any documents it may have spelling mistakes.
WPS stands for WiFi Protected Setup. It's effectively a wireless network security standard that speeds up and simplifies the process of connecting your device with a router.
How do I know if my router is using WPS? ›
Note: To check if your router is WPS-enabled, look for a button labeled WPS on your router or access point. If there is no hardware button, there may be a virtual WPS button in the software for the device. Check your network product documentation for details.
What is the difference between WPS and Wi-Fi? ›
The WPS does not handle the connection of Wifi but it handles the data sending between the client device(s) and the router. The WPS is a password-protected wireless network that supports the WPA (Wifi Protected Access Personal) or WPA2 (Wifi Protected Access2 Personal) security protocols.
Does the WPS button reset the Wi-Fi? ›
Did the WPS process time out? The WPS light will continue to flash and the router search for devices for up to 2 minutes. If it doesn't connect successfully in that time, it will usually reset and you will need to press it again to try a new connection.
