Besides someone just mooching off free internet, how bad is it to leave your Wifi unsecured? What can happen? Also, if you do secure your Wifi how easy is it for someone to hack into your connection?
Well, you could have a SWAT team storm your house when someone uses your network to download child porn. That would be a pretty big disincentive to me, anyway.
WPA and WPA2 can be cracked with enough effort. Google has the info.
Never the less, I secured mine just to keep out the casual snoops or people that want to use my internet.
There is some liability if your internet is used to access kiddie porn or music/movie pirating. You don’t want to mistakenly get accused of something a neighbor did on your wi-fi.
Forgot to mention WEP. I’m not sure if anyone uses it anymore. It’s the most easily cracked.
But, still better than nothing.
If your ISP has a bandwidth tracker, someone else using your line could get you to your limit faster. They don’t usually cut off internet if you go over your limit, but they will slow it down to prehistoric caveman-internet speeds (56k!).
And this depends on available bandwidth, but your line will just move more slowly in general. If you have slow DSL (like 100 kbps), someone else downloading on your line will be very noticeable.
And of course, the legal concerns listed above. Generally speaking, you are legally responsible for every bit that travels through your router.
The movie/music companies don’t care what computer their material ended up on. If it went thru your router, you are going to get sued by them. And not for $10 a song or anything like that. They go for thousands a pop. Courts have ordered people to pay millions without any proof that the material was on the user’s computer.
Having unsecured WiFi is as stupid as putting your wide screen TV on the curb overnight and expecting it to be there in the morning.
By “enough effort” do you mean several million years of brute force attempts?
My WPA2 passphrase is more than 20 characters long and includes numbers, letters, and special characters. It’s not in any dictionary nor is it reachable by any regex’d extension of a dictionary word.
Please explain how you could crack it.
And as an addendum: every couple of months, I change the SSID of my two access points. This way I don’t need to change the actual passphrase, but I do change the hash salt that hashes it. It’s fun… I cycle through various literary characters, so my current SSID names are TKAM-Atticus and TKAM-Scout.
If you understand anything in this site, tell me how easy it sounds. Especially keeping in mind “millions of years”. Obviously hyperbole, but aceplace57’s point remains.
But I’ve also read an argument that says if you protect, and you get cracked anyway, all of a sudden you’re MORE likely to be on the hook for whatever was done on your network, because since you had a password, obviously only you could’ve done it!
I understand everything in that site.
As I explained, my setup is not remotely vulnerable to that attack method. My passphrase does not appear in any dictionary on the face of the planet, and even with the fastest computer known to man today, a rainbow table that was complex enough to generate it could not be completed for millions of years. That is not hyperbole. That is fact.
And considering I change my SSIDs every two months or so, that rainbow table would be useless anyway.
salty hashes… fuck, I’m hungry
Well good for you.
I do not have a password.
Somehow I set it up wrong and despite repeated efforts, I can’t set it up with a password now.
Still, I note that in my WiFi list, there are probably 10 password protected WiFi homes in my neighborhood, so I am guessing there are few if any who DON’T have their own internet connection.
Plus, I turn off my router when I am not on the computer - so anyone mooching off me is out of luck 90% of the day.
I am not overly concerned.
Is this accurate? How do the many businesses and owners of other open access points absolve themselves of responsibility?
Get concerned.
Now.
Look in the manual for how to do a hardware reset. Usually there’s a little button that you hold down and it resets everything. Then you do the initial setup from scratch. And do it right.
It’s the naive folk that get hurt the most when the stuff goes down. Stop being naive. But they also affect the rest of us when their infected machines start spewing out crap and hogging resources.
I have worked around computers for many, many decades and I am constantly astounded at how many people completely ignore basic computer security. I … just … don’t … get … it.
So what is the easiest way to find out if someone is actually accessing your Internet connection?
Mine is set with the password (ten characters) that came with the modem.
This. WPA2 attacks are all simply fancy dictionary attacks, if you have a truly strong passphrase no dictionary attack is going to break them.
With WEP, I could have had the maximum allowable password generated by a random text/number string generator and someone would still have been able to break in, because of inherent vulnerabilities in WEP you can just passively sniff packets and slowly assemble the key in plain text. With WPA2 that just isn’t possible, so you’re limited to a dictionary attack.
There is very little reason to even use an 8 character or 10 character passphrase for your WiFi at home, use some extremely long, randomly generated string containing mixed case, letters, numbers, and symbols. Write it down and hide the paper somewhere. Pretty much any WiFi-enabled device will store your passphrase in the client configuration, so you only need to ever enter it once per device. If you have to flash your device or reformat your computers you just pull out your paper and fill it in. Further, even if you lose the paper since you have physical control of the WiFi router/access point, you can always hard-flash it back to factory settings and create a new password. The “password stored on paper” method is often decried in an office setting, but in your personal home there’s really no reason not to do it as long as you keep the password in a secure place. Now, I wouldn’t write down banking passwords or things of that nature (because then a smart burglar could get access to even more than they normally would), but for a WiFi AP password I see no reason not to just make the key extremely long and store a hard copy.
If I’ve physically accessed your home, I can do any number of things to get access to your network. Of course if I’ve physically broken into your home I’m probably after a lot more than just a way to get free internet by leaching your WiFi connection, and that’s probably the least of your concerns at that point.
Annoyingly, WEP is the only one the Nintendo DS/DSi allows. It can’t connect with a WPA/WPA2 protected signal.
Not sure if that’s ever changed but that was the case a few years ago when my kid got one. Hell, I’m not even sure if the Wii did anything other than WEP – I wound up just hooking it up via ethernet cable anyway.
Trust me, I tried all that.
Downloaded the manual, followed everything step-by-step, hit the reset button…nothing.
Tried several times.
Had my brother try it (he is fairly savvy with computers) and he was unsuccessful as well.