FAQ

There are two primary approaches to network setup within Wi-Fi Protected Setup: push-button and PIN entry.  PIN entry is mandatory in all Wi-Fi Protected Setup devices, while push-button is optional and may also be found in some devices.

PIN entry: in all Wi-Fi Protected Setup networks, a unique PIN (Personal Identification Number) will be required for each device to join the network.  A fixed PIN label or sticker may be placed on a device, or a dynamic PIN can be generated and shown on the device's display (e.g., a TV screen or monitor).  PIN is used to make sure the intended device is added to the network being set up and will help to avoid accidental or malicious attempts to add unintended devices to the network.

A registrar device (which could be an Access Point/wireless router, PC television, or other device) will detect when a new Wi-Fi device is in range, and prompt the user to enter the PIN, if he or she wishes to add the new device to the network.  In this mode, Wi-Fi Protected Setup network encrypts data and authenticates each device on the network.  The PIN entry method is supported in all devices.

Push button configuration (PBC): in some Wi-Fi Protected Setup networks, the user may connect multiple devices to the network and enable data encryption by pushing a button. The access point/wireless router will have a physical button, and other devices may have a physical or software-based button.  Users should be aware that during the two-minute setup period which follows the push of the button, unintended devices could join the network if they are in range.

Near Field Communication (NFC:)  Near Field Communication readers can be used to transfer network settings to a new device without requiring manual entry of its PIN.  The NFC method provides strong protection against adding an unintended device to the network. This is an optional method for Wi-Fi Protected Setup Access Points and devices.

No.  Access points/wireless routers which are Wi-Fi CERTIFIED for Wi-Fi Protected Setup will provide a way for the user to "look" at the network settings and manually join older devices to the network.

With PIN configuration, users can ask the Wi-Fi Protected Setup device for special numbers, called WPA keys, and assign them to legacy devices to join the network.  In push button configuration, some companies may offer a firmware upgrade for legacy devices but this will be at the discretion of the individual manufacturer. 

All Wi-Fi devices in a Wi-Fi Protected Setup network must be Wi-Fi CERTIFIED for WPA2 security, however.  Wi-Fi Alliance recommends that users choose devices with WPA2 security for the most advanced protections.

Wi-Fi Protected Setup is an optional certification program.  Consumers should look for the term Wi-Fi Protected Setup or the visual identifier on Wi-Fi CERTIFIED products.

Consumers can also search for Wi-Fi CERTIFIED products that include Wi-Fi Protected Setup at the Wi-Fi Alliance web site: www.wi-fi.org.

That depends.  If all of the devices in your network are Wi-Fi CERTIFIED for WPA2 (Wi-Fi Protected Access) security, and you have enabled those features with a strong passcode, your network is protected by the strongest security technology.  A strong passcode is at least 20 characters in length and combines letters, numbers and symbols, with no discernible words.  However, if any of your equipment only supports WEP (Wired Equivalent Privacy), the network security level will drop back to that level and is not as secure, and should be upgraded.  Moreover, no network is secure if the security features are disabled. 

On most client devices, a user can determine if a network is secured by clicking on the wireless connection properties dialog.  It will indicate the level of network security enabled:

• Open network or none
• WEP (Wired Equivalent Privacy)
• WPA (May also be called WPA-PSK or TKIP)
• WPA2 (May also be called AES or CCMP)

Do not use WEP if you want to have security protections in place.  Wi-Fi Alliance recommends WPA2 with AES as the most advanced security protection available.  If the client device does not support this, a user can check the settings on the access point device to determine the level of security which has been enabled.

Microsoft announced support for WPS in Windows 7.

The Wi-Fi Protected Setup specification is available for download from www.wi-fi.org. A white paper, entitled "Wi-Fi CERTIFIED for Wi-Fi Protected Setup: Easing the User Experience for Home and Small Office Wi-Fi Networks" is also available for free download. 

In the context of Wi-Fi technology, security means two things. First, controlling who can connect to and configure your network and equipment. Second, it means securing the data travelling wirelessly across your Wi-Fi network from unauthorized view.

Wi-Fi security is just one aspect of security for networks. A protected Wi-Fi network is a great start, but you should also consider measures to protect your computer (virus software, firewall, etc.) and your communications across the Internet (virtual private network (VPN), etc.)

Configure your Wi-Fi client devices (laptops, handsets, and other Wi-Fi enabled products) to enable security protections.

Configure for approved connections: Many devices are set by default to sense and automatically connect to any available wireless signal. The Wi-Fi Alliance recommends that you configure your device to not automatically connect to an open network without your approval.

Disable sharing: Your Wi-Fi enabled devices may automatically enable themselves to sharing / connecting with other devices when attaching to a wireless network. File and printer sharing may be common in business and home networks, but you should avoid this in a public network such as a hotel, restaurant, or airport hotspot

Some users may also wish to use complementary security measures to improve the security of their activity over the Internet including virtual private networks (VPNs), firewalls, etc.

A passphrase is the key to a network, so it is a good investment of time to select an effective passphrase. In general, increasing length, complexity and randomness improve the strength of a passphrase. We recommend that your passphrase is at least 8 characters long, and includes a mixture of upper and lower case letters and symbols. Your passphrase should not contain a word found in a dictionary and should not include personal information (identification number, name, address, etc).

Passphrase length and complexity enhances security. For example, implementing a passphrase that is based upon words in any language could be compromised by a program running a comparison against the contents of a dictionary.

Older equipment might not support the latest security standards.  Check to see whether WPA2 security features are supported. Beginning in 2004, some equipment was certified for WPA2 features. All products certified after February 2006 must have WPA2 support. If not available, contact your manufacturer's web site to see if a firmware upgrade is available for download.  If an upgrade to WPA2 is not available you should consider purchasing new equipment.

The Wi-Fi CERTIFIED program is the best indicator that Wi-Fi products from different companies have been tested to work together and have the latest security protections built in. Users should only purchase Wi-Fi CERTIFIED products.

WPA2 is the latest version of Wi-Fi security, and it should be used to protect all Wi-Fi devices.   WPA2 was introduced in 2004 and has been required in Wi-Fi CERTIFIED products since April 2006.  It supports AES, the most advanced encryption standard.  AES is the encryption standard endorsed by the US government. The Wi-Fi Alliance recommends that users select equipment supporting WPA2 to help protect their network from known attacks to their security and privacy.

WPA2 comes in Personal and Enterprise versions. WPA2-Personal uses a passphrase as a simple way to generate a shared key for encryption. The term passphrase refers to a single string of characters that the user enters into all their Wi-Fi devices on the same network. WPA2-Enterprise uses additional software and specialized server equipment to create encryption keys on demand and designed to support larger corporate networks.

WPA2-Personal using a passphrase is equivalent to using security doors with metal keys. All users use the same key. Changing the passphrase for the network requires changing the passphrase for all devices. WPA2-Enterprise is the equivalent to using security doors with electronic card keys. Each user has an individual card key. It is possible to change each user's card key or revoke their card key without disturbing the other users.

WPA (Wi-Fi Protected Access) is an earlier generation of Wi-Fi security certifications, it was introduced in 2003 as an interim solution. The WPA program added support for TKIP (Temporal Key Integrity Protocol) encryption. TKIP is an older form of security technology and has recently been demonstrated to have some vulnerability to cryptographic attacks.  WPA is an older version of Wi-Fi security which was replaced in 2004 with more advanced protocols.  Though the threat of a security compromise is small, users should not purchase new equipment which supports only WPA with TKIP.

WEP is the original security standard for Wi-Fi technology. The RC4 encryption algorithm that WEP is based on is no longer considered secure. WEP should not be used to secure your network.

Recognize that your network is vulnerable. Casual web surfing may not disclose anything private, but do not send any private data over the network or conduct activities such as banking or shopping, Realize that unauthorized users could capture valuable information transmitted over your network or use your network for illegal activities and use it accordingly.

Our website contains the latest on security from the Wi-Fi Alliance and a listing of Wi-Fi CERTIFIED products.

An Evil Twin, sometimes referred to as Wiphishing, is a potential security threat to users
of Wi-Fi, predominantly in public hotspots. A hacker sets up what is called a "rogue
access point" which mimics the characteristics of the network to which users expect to
connect. Users unknowingly connect to the rogue access point and the hacker's
network instead of the intended network.

The Evil Twin hijacks data, such as passwords, account information, credit card
information, etc., and then connects the user to the Internet as intended. A sophisticated
evil twin can even control what Web site appears when the Internet is accessed, often
mimicking the intended starting Web site, for the purposes of capturing the user's private
information.

To date, there have been no reported large-scale incidences of Evil Twin attacks, but
most network administrators have been aware of this theoretical threat for some years.
Recent media coverage of Evil Twin threats has directed consumer attention to the
matter, making users concerned about the problem and how they can protect
themselves.

The Wi-Fi Alliance recommends that users of wireless networks exercise the same level
of caution they've learned to use to avoid scams in the wired world. End users should
change their passwords regularly, not respond to questionable e-mails, and look for
secure connections. As Wi-Fi continues to grow in reach and popularity, consumers
need to make some new simple security precautions a habit, like connecting through a
provider that uses encryption with a list of trusted hotspots, using a VPN, and always
enabling security within a home network. Also, users should make it a point to look for
products that are Wi-Fi CERTIFIED for or WPA2 security.

In reality, the likelihood of attack is low but users should be cautious and use some fairly
simple security precautions to avoid becoming a victim.