3

Can someone tell me why a 20-character key makes WPA Personal more secure? That really confuses me.

forest
  • 64,616
  • 20
  • 206
  • 257
Yilin LIU
  • 41
  • 1
  • 1
    Not every 20-character key password is more secure. The point is that a password should not be easy to guess or brute-forced. 20 characters simply expand the space of possible passwords which with a proper password makes guessing and brute forcing harder. But there are also easy to guess passwords which have 20 characters (i.e. 'x' 20 times) - these are not more secure. – Steffen Ullrich Mar 14 '21 at 09:03

1 Answers1

2

The WPA2-Personal password is run through an algorithm that is used to scramble the internet traffic being broadcast in radio waves. This is a process known as encryption. Anyone who knows that password can run the scrambled data through the encryption algorithm in reverse to de-scramble it. Although a human might be able to try a new password once every few seconds, a computer could guess possibly millions of passwords per second. More characters in your key makes it less likely that a computer could guess your password in any reasonable amount of time.

If someone manages to guess your password, either manually or with the help of a computer, they might be able to monitor things you do online for as long as they are in range of your Wi-Fi connection. They may steal passwords or bank details, or insert malicious scripts into websites you visit.

forest
  • 64,616
  • 20
  • 206
  • 257
  • 1
    *"they'll be able to monitor everything you do online for as long as they are in range of your Wi-Fi connection"* - that's misleading. They still can't break properly configured TLS. – nobody Mar 14 '21 at 09:29
  • 2
    @nobody You're right, but since OP asked a fairly basic question, I've given a simplified answer. It's better for OP to walk away thinking "wow, I need to use a good password" rather than "well even if it's not a good password, it's not the end of the world, right?" I'll edit the answer to be a little more precise but I don't want to overload it with detail. If someone is asking why a long password is important, I don't think "properly configured TLS" will provide them with any actionable information. – forest Mar 14 '21 at 09:31