Wireless Encryption

Moonshine · Jul 08, 2015, 08:44:34

Good Morning Netters,

Please could someone advise the safest/most secure type of encryption for home Wi-Fi?

The options on my router are as follows:

1) Mixed WPA-PSK+WPA2-PSK
2) WPA2-PSK (Wi-Fi Protected Access 2 with Pre Shared Key)
3) WPA-PSK (Wi-Fi Protected Access Pre Shared Key)

Also, if I select on my router not to broadcast the SSID, does that mean that others will definitely not be able to see my connection?

Many thanks for your help.

Moonshine.

Simon · Jul 08, 2015, 09:43:18

Others with more expertise may wish to comment also, but I think option 1 is probably the best one to choose as that covers both .

With regards the SSID, you can change it to whatever you like, so other people who may see it listed will not know it's you. I think it might be inconvenient to disable it, as then your own devices won't be able to 'see' it.

Ray · Jul 08, 2015, 10:36:19

I'd agree with Simon and use option 1, I'd also leave the SSID on but change the name to something more meaningful to you.

Moonshine · Jul 08, 2015, 11:30:14

Thank you, that's most helpful.

If it's just to connect my smart phone to wifi at home (I haven't got my home PC set up with wifi - it's via Ethernet, which I'm happy with), and I disable broadcasting the SSID, I assume my smart phone won't be able to detect the connection at all then? Is there actually any security benefit to not broadcasting the SSID?!

Also, can I leave my home PC set up as wired (Ethernet), but still connect my smart phone to my wifi at home? Do I need to change any other settings? There's a button on the front of my router for wifi, but I've never clicked it before!

Is there anything else I can do to protect my connection that I'd need to be aware of?

My smart phone seems to have some kind of wifi called 'wifi sense' - but I've read that it's not very secure??!

I'm just entering the 21st century by buying my first smart phone, so this is all very new to me being a total technophobe!

Many thanks for any advice in advance.

Moonshine.

nowster · Jul 08, 2015, 12:04:09

Option 2 (WPA2-PSK only). Not broadcasting the SSID will not stop the miscreants from detecting your AP from other traffic.

The only reason to use option 1 (WPA/WPA2 mixed) is if there is some old equipment which cannot handle WPA2.

Never ever use WEP nowadays. It's trivially crackable within a couple of minutes using a five year old laptop (my own penetration tests on my own kit).

Oh, and make your password a long (4-6 words) memorable nonsense phrase rather than a complex untypeable mess of mixed case numbers and symbols.

https://xkcd.com/936/

Moonshine · Jul 08, 2015, 16:59:07

Thank you nowster.

pctech · Jul 08, 2015, 20:31:16

Also set WPA group rekey interval to something like 120 seconds.

Moonshine · Jul 09, 2015, 10:37:54

Quote from: pctech on Jul 08, 2015, 20:31:16
Also set WPA group rekey interval to something like 120 seconds.

Good Morning,

Thank you for this. I have absolutely no clue how to do it though, or what it achieves??!! I have a Netgear DGN1000 if that's any help, and couldn't see anything in the wireless router settings for this, or in the advanced section - unless I'm missing something and looking in completely the wrong place??