Technology Stuff

Thursday, August 2, 2007

Use WPA instead of WEP, pt 2

Lesson #2) Fine. I'll use the instruction manual. What should I be looking to do? Great! Look for instructions on how to connect to the administration function of the device you are setting up. This will usually be accessible on a private address in the 192.168. range. This means that you plug it in and then use your browser to access a special address that is given to you in the instruction manual. Once you have accessed this function, you should be looking for a security section. This will give you options on what kind of wireless security you want. At the time of this writing, most devices give you three options: open, WEP, and WPA. You want to choose WPA. (Specifically, referring to Pre-Shared Key or "Personal". The Enterprise level is not within the scope of this blog.)

Setting up WPA is really not any more difficult than setting up WEP, which is what makes it frustrating for me to see people still using WEP. There are probably a handful of situations in which folks may still want to use WEP, most of them to support older equipment that was purchased before the WPA protocol was developed. We will cover approaches to using WEP safely later.

Lesson #3) Choose a good password. Good passwords are difficult for humans. They are hard to remember, hard to come up with, hard to type. This is unfortunate and typically leads most people to choose bad passwords. Bad passwords are short and easy to remember. They are things that can be found in dictionaries or on your MySpace page (birthday, dog's name, friend's name, etc). When thinking about a good password for your wireless network, you have one thing going for you: you just don't have to type it very often, if ever. Most modern devices allow you to enter the password one time and will retain it.

When choosing a password, you want to make it as long as possible and as random as possible. WPA allows for a password of up to 64 hexadecimal characters. I know what you're thinking: how am I going to type in a 64-character password? Don't worry, I will walk you through the approach that I use in a bit. You won't have to type a thing. The point here is that you want the longest password possible. It doesn't make any difference to your day-to-day computer use, but it does increase the time needed for a malicious person to gain access to your network.

Now, to get a random password, you need a thing called a "password generator". With OS X, you can create one using the Keychain application. If you are a Firefox user, there is an excellent extension available called SecurePassword. If neither of these is an option for you, there are a few of them available on the web. My favorite website for this is GRC. GRC's password generator will build the perfect password for WPA merely by accessing the link above. They provide a 64-character hexadecimal password along with a 63-character alpha-numeric one. Either one will work for WPA, so let's choose the alpha-numeric one since it is more human-friendly. When I accessed the site, this is the password that I received:

lKAg0kImzxZ3HdDrlojUaUCXfInGNBXbMai4V7Afz2uh9nMNiByqaCfD3KMXqlD

Don't let this scare you. Just highlight it and copy it into your computer's buffer (Ctrl+C or Cmd+C). Open up a text editor and paste (Ctrl+V or Cmd+V) it into the text editor. Do a quick File|Save and you've got your password (and you didn't have to type a thing). Now, back to the wireless device we were configuring... You've selected WPA and are prompted to enter the password or the "pre-shared key". Just switch back to your text editor, copy your random password, and paste it into the password field. Now, look for the save button and you are done with your access point configuration! Once you hit save, your device will probably restart and anyone currently connected to it will be dropped. They will also not be able to reconnect without your new random password.
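Added example, not part of the original post: a Python sketch of what a password generator like the ones mentioned above does, together with the format check a WPA-Personal device applies to the key (8 to 63 printable ASCII characters, or exactly 64 hex digits) and the standard passphrase-to-key derivation. The function names and the SSID `HomeNet` are assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # 62 symbols, like the alpha-numeric option

def generate_key(kind="alnum"):
    """Return a 63-char alphanumeric passphrase or a 64-digit hex key from the OS CSPRNG."""
    if kind == "alnum":
        return "".join(secrets.choice(ALNUM) for _ in range(63))
    if kind == "hex":
        return secrets.token_hex(32)  # 32 random bytes -> 64 hex digits
    raise ValueError("kind must be 'alnum' or 'hex'")

def classify(key):
    """Say how a WPA-Personal device will treat the key, or that it will be refused."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "raw-256-bit-key"   # used directly as the pre-shared key
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"        # stretched into a 256-bit key first
    return "invalid"

def entropy_bits(length, alphabet_size):
    """Entropy of a string whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def derive_psk(passphrase, ssid):
    """Passphrase -> 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    if classify(passphrase) != "passphrase":
        raise ValueError("not a valid 8-63 character passphrase")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()

if __name__ == "__main__":
    ssid = "HomeNet"  # assumed network name
    pw = generate_key("alnum")
    print("passphrase :", pw, "->", classify(pw))
    print("hex key    :", generate_key("hex"))
    print("derived PSK:", derive_psk(pw, ssid))
    # Constructed comparison: a short lowercase word versus the random keys.
    print("8 lowercase letters : %5.1f bits" % entropy_bits(8, 26))
    print("63 alphanumeric     : %5.1f bits" % entropy_bits(63, 62))
    print("64 hex digits       : %5.1f bits" % entropy_bits(64, 16))
```

Because the SSID is the salt, the same passphrase yields a different 256-bit key on a network with a different name, and a passphrase is reduced to 256 bits either way, which is why both of the generated formats work equally well.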

Lesson #4) Configure only the computers that you want on your wireless network. Your next challenge is how to get that new password to your laptop so that it can access your wireless network. There are, of course, a number of ways in which to do this. The one that I propose is called the sneakernet. Put on your tin foil hat with me and find a blank disk or USB thumb drive. This password isn't something that you want to leave on your computer, transfer to your friend via email, or post on a website. Ever. You must maintain strict control over this password. Find a disk... floppy, CD, DVD, ZIP, whatever. My preference is CD these days. You want something that will be accessible to most types of computers. Remember that file you created with your text editor? Move it to the disk.

Now, take the disk and insert it into the laptop you want to access your wireless network. Open up the text file, highlight the password, and copy it into your buffer. Now, open up your computer's wireless configuration and find your network in the list. Hopefully, it will say "secured" or something to that effect. When you select it, it will prompt for a password. No problem! You just paste the new password into both fields and you're done. If done correctly, your laptop is now authenticated to your wireless network and you are all set. Just take out the disk and repeat the procedure on any other computers that you want to have connected to your wireless network. Friend of yours is visiting and wants to get their email? Hand them the disk. Just make sure you get it back. :)

1 comment:

Anonymous said...

I am a noob at OS X but it will not let me paste my password for the wireless network. What do I do?