1

"... they'll go to the taskbar and look at the properties of the WiFi router to get the password."

is a quote from another question on this site, and is in the context of WiFi passwords.

The password remaining accessible on a user's computer significantly after the user has logged in certainly seems like a security hole, although I don't know whether it's the OS's fault or the router's fault.

What OSes and/or router's leave WiFi passwords accessible on a user's computer significantly after the user has logged in to WiFi?

  • 1
    In OSX, it is stored in the Keychain, but you need to supply the admin password to access it. I'm not sure if that qualifies as "look at properties to get the password" – schroeder Jun 18 '15 at 23:18
  • Windows WiFi passwords can be hidden from regular users using Group Policy. See [this post](http://superuser.com/questions/643886/keep-windows-from-showing-a-wifi-password/643899#643899) – amccormack Jun 19 '15 at 00:29
  • Windows 10 Wi-Fi Sense will share your wi-fi password with all contacts depending on network settings (on/off). This is turned *on* by default. – Dave Mar 21 '16 at 20:37

2 Answers2

2

To be able to reconnect to a WiFi router, with out prompting the user every time for the shared secret, the client operating system needs to remember the shared secret.

Some operating systems make this "hard" for a user to see, but this will not prevent a determined user from recovering the shared secret.

Yes this is a weakness, but then so is any scheme based on a secret shared with all your users. If you want better security on WiFi look into using client-side certificates using 802.1x. Again the credentials are still stored on the client device so anyone with access to the unlocked device will be able to get access to that certificate, but at least the cert is only tied to one user and is easier to revoke then a shared secret.

Edit - Captive Portals

Some places do do this, usually hotels, search for "Captive Portals". This approach has many weaknesses, most prominently it is not implemented in the WiFi protocols.
This is often overcome by the router redirecting all http traffic from a given MAC to the captive portal until the client has logged in. If you start every session with a plain text HTTP request this is almost acceptable. If however you start your WiFi Session with a POP3,IMAP,SSH,HTTPS etc. session this work significantly less well. Another weakness of most of these systems is that they are based on MAC address, which is snoop-able and spoof-able.

David Waters
  • 2,802
  • 2
  • 14
  • 14
  • Even without client certificates, it seems like one could get significantly better security by giving the router a public key known to users and letting users log in to it just like they would log in to an ordinary website. –  Jun 18 '15 at 23:09
  • I've added a bit more to my answer, WiFi security has a very poor record I'm sure the existing schemes could be greatly improved. One of the hardest things about improving WiFi security is convincing all the players to support your great new scheme. All the hardware providers, all the operating system writers, all the device drivers etc. And then the multi-year lag as every WiFi device needs to be updated. – David Waters Jun 18 '15 at 23:21
  • One could get around that hard thing with [adapters](http://www.amazon.com/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3AWiFi%20USB), although doing so would come with a per-user cost. –  Jun 19 '15 at 01:42
  • Thinking about that more, it actually seems like a custom browser ought to be enough, rather than needing to give each user a custom piece of hardware. –  Jun 19 '15 at 01:47
2

The problem with passwords is that the person (or device) supplying the password needs to now what it is. It might seem obvious (I can't type my password in if I don't know what it is), but it's also the problem encountered here. When a device (e.g. laptop) tries to connect to a WiFi network protected by a password the device itself will need to supply the password - so it needs to be stored somewhere on the device. So long as the device is unlocked anyone with physical access will be able to retrieve that password (some OSs make it easy, some require a bit more work, but it'll always be there).

WiFi passwords are probably fine where you trust everyone who has physical access to the devices (e.g. at home), but in more public environments you shouldn't rely on shared passwords (how do you know who knows the password?) and should use a more appropriate level of protection (e.g. 802.1X).

Eborbob
  • 226
  • 1
  • 9
  • (It certainly seems to me that) WiFi protocols _could have_ been designed so that, just like SSL and TLS, although "the device itself will need to supply the password", that's _only_ for _logging in_ to the WiFi network, rather than subsequently using the WiFi network. –  Jun 19 '15 at 18:23