Click the above Computer Enthusiasts to follow us
Yesterday, a friend asked me how to completely prevent unauthorized access to my Wi-Fi. Today, I will focus on Wi-Fi encryption and the issue of unauthorized access, discussing what methods can effectively eliminate this problem.
Choosing the Right Encryption Mode is Crucial
The first line of defense against unauthorized access is the Wi-Fi password. Currently, most wireless routers offer at least three different encryption methods, and these methods vary in quality, so it’s worth understanding them.
WEP
WEP, or Wired Equivalent Privacy, is a protocol for encrypting data transmitted wirelessly between two devices. It was replaced by Wi-Fi Protected Access (WPA) in 2003, and then by the complete IEEE 802.11i standard (also known as WPA2) in 2004. WEP encryption is well-known for being easily cracked, and it’s perplexing that this outdated standard still exists in some routers today. I strongly do not recommend using this encryption method.
Security Level: ☆☆
WPA-PSK [TKIP]
WPA-PSK [TKIP] is a temporary supplemental encryption protocol that essentially extends WEP’s encryption theory, but with improved effectiveness. However, this encryption method can slow down wireless speeds and is only a temporary solution, later replaced by WPA2.
Security Level: ☆☆☆
WPA2-PSK [AES]
WPA2-PSK [AES] refers to the Advanced Encryption Standard (AES), which further enhances the encryption mechanism. This mode is very hard to crack and does not affect network speed, offering better performance.
Security Level: ☆☆☆☆
WPA-PSK [TKIP] + WPA2-PSK [AES]
Another encryption mode is WPA-PSK (TKIP) + WPA2-PSK (AES), which is currently the highest encryption mode available in wireless routers. I personally use this mixed encryption method, which offers the highest security. However, this mode may not be available in some routers, in which case I recommend setting Wi-Fi to WPA2-PSK with AES encryption.
Security Level: ☆☆☆☆☆
Hiding the SSID is Also a Good Method
Another step is to hide the Wi-Fi SSID, which refers to the name of the Wi-Fi signal.
If unauthorized users do not know the Wi-Fi name, they cannot attempt to crack it. However, there are no perfect solutions; some devices, like certain smart plugs, may not be able to find the hidden Wi-Fi and will require SSID broadcasting to be enabled.
Whitelist Mode is Another Step
Whitelist mode refers to setting an access control system based on the MAC addresses of network devices. Only devices with MAC addresses on the list can access the network. Each device has a globally unique hexadecimal address that does not repeat, making this security mode the highest. Because even if the encryption method is weak and unauthorized users crack it, they will still be unable to access the network due to not being on the router’s whitelist.
To find your device’s MAC address in Windows 10, click on the network icon in the taskbar, then in Ethernet/WLAN, click on your connected network to view the device properties. Locate your MAC address and fill it into the router’s MAC address list as shown above (the interface may vary across different routers, so you may need to look for it).
Finally, avoid using shared apps that can collect Wi-Fi passwords. If your router has a guest mode, allow visitors to access only the guest Wi-Fi, which is much safer.
Click “Read the Original” to see more exciting content