The network security key is a password that you can use to connect to a working Wi-Fi network. The safe functioning of the wireless network directly depends on it. Its main task is to protect the Wi-Fi user (owner) from unauthorized connections to it. It may seem to some that such a connection, in general, will not greatly interfere with the Internet. In fact, it is fraught with a significant decrease in Internet speed. Therefore, the utmost attention must be paid to creating a password.
In addition to the complexity of the password being created, the type of data encryption greatly affects the security level of a Wi-Fi wireless network. The importance of the type of encryption is explained by the fact that all data transmitted within a particular network is encrypted. Such a system allows you to protect yourself from unauthorized connections, because without knowing the password, a third-party user using his device simply will not be able to decrypt the data transmitted within the wireless network.
Types of network encryption
Wi-Fi routers currently use three different types of encryption.
They differ from each other not only in the number of characters available to create a password, but also in other equally important features.
The most unreliable and less popular type of encryption today is WEP. In general, this type of encryption was used in the past and is rarely used now. And the point here is not only the moral old age of this type of encryption. He's really quite unreliable. Users using WEP-encrypted devices have a fairly high chance that their own network security key will be compromised by a third party. This type of encryption is not supported by many modern Wi-Fi routers.
The last two types of encryption are much more secure and more commonly used. In this case, users have the opportunity to choose the level of network security. For example, WPA and WPA2 support two types of security checks.
One of them is designed for regular users and contains one unique password for all connected devices.
The other is used for enterprises and greatly improves the reliability of a Wi-Fi network. Its essence lies in the fact that for each individual device its own unique security key is created.
Thus, it becomes almost impossible to connect to someone else's network without permission.
Nevertheless, when choosing your future router, you should opt for the model that supports WPA2 encryption. It is explained by its greater reliability in comparison with WPA. Although, of course, WPA encryption is good enough. Most routers support both of these encryptions.
Finding Your Wi-Fi Security Key
There are several ways to find out your wireless security key.
Not so long ago, it seemed that a wireless network protected with WPA2 technology was quite secure. It is really possible to find a simple key for connection. But if you install a really long key, then neither rainbow tables, nor even GPU acceleration will help you to harden it. But, as it turned out, it is possible to connect to a wireless network without it - by taking advantage of a recently found vulnerability in the WPS protocol.
WARNING
All information is presented for educational purposes only. Intruding into someone else's wireless network can easily be considered a criminal offense. Think with your head.
The cost of simplifications
There are fewer and fewer open access points to which you do not need to enter a key to connect at all. It seems that soon they can be included in the Red Book. If earlier a person might not even know that a wireless network can be closed with a key, protecting himself from extraneous connections, now he is increasingly being prompted about such a possibility. Take, for example, the custom firmware that leading providers release for popular router models to simplify setup. You need to specify two things - username / password and ... a key to protect the wireless network. More importantly, the OEMs themselves try to keep the setup process straightforward. So, most modern routers support the WPS (Wi-Fi Protected Setup) mechanism. With its help, the user can set up a secure wireless network in a matter of seconds, without bothering himself at all with the fact that "somewhere else you need to enable encryption and register a WPA key." Enter in the system an eight-digit symbolic PIN, which is written on the router - and you're done! And here, hold on tight. In December, two researchers at once talked about serious fundamental gaps in the WPS protocol. It's like a back door for any router. It turned out that if WPS is activated in the access point (which, for a minute, is enabled in most routers by default), then you can choose a PIN for connection and extract a key for connection in a matter of hours!
How does WPS work?
The idea of \u200b\u200bthe creators of WPS is good. The mechanism automatically sets the network name and encryption. Thus, the user does not need to go into the web interface and deal with complex settings. And you can easily add any device (for example, a laptop) to an already configured network: if you enter the PIN correctly, it will receive all the necessary settings. This is very convenient, which is why all the major players in the market (Cisco / Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL) now offer wireless routers with WPS support. Let's look at it in more detail.
There are three options for using WPS:
- Push-Button-Connect (PBC). The user presses a special button on the router (hard) and on the computer (software), thereby activating the setup process. We are not interested in this.
- Entering the PIN in the web interface. The user enters the administrative interface of the router through a browser and enters an eight-digit PIN code written on the device case (Figure 1), after which the configuration process takes place. This method is more suitable for the initial configuration of the router, so we will not consider it either.
- Entering PIN-code on the user's computer (Figure 2). When connecting to a router, you can open a special WPS session, within which you can configure the router or get the existing settings if you enter the PIN correctly. This is already attractive. No authentication is required to open such a session. Anyone can do it! It turns out that the PIN is already potentially susceptible to a bruteforce attack. But these are just flowers.
Vulnerability
As I mentioned earlier, the PIN is eight digits long - hence there are 10 ^ 8 (100,000,000) options to pick. However, the number of options can be significantly reduced. The fact is that the last digit of the PIN-code is a kind of checksum, which is calculated based on the first seven digits. As a result, we already get 10 ^ 7 (10,000,000) options. But that's not all! Next, take a close look at the device of the WPS authentication protocol (Figure 3). It feels like it was specially designed to leave room for brute force. It turns out that checking the PIN is done in two steps. It is divided into two equal parts, and each part is checked separately! Let's look at the diagram:
- If, after sending the M4 message, the attacker received an EAP-NACK in response, then he can be sure that the first part of the PIN is incorrect.
- If he received an EAP-NACK after sending the M6, then, accordingly, the second part of the PIN is incorrect. We get 10 ^ 4 (10,000) options for the first half and 10 ^ 3 (1,000) for the second. As a result, we have only 11,000 options for a complete search. For a better understanding of how this will work, take a look at the diagram.
- An important point is the possible speed of the search. It is limited by the speed of processing WPS requests by the router: some access points will return a result every second, others - every ten seconds. Most of the time is spent on calculating the public key using the Diffie-Hellman algorithm; it must be generated before step M3. The time spent on this can be reduced by choosing a simple private key on the client side, which will further simplify the calculation of other keys. Practice shows that for a successful result, it is usually enough to sort out only half of all the options, and on average, brute-force takes only four to ten hours.
First implementation
The first implementation of brute-force that appeared was the wpscrack utility (goo.gl/9wABj), written by researcher Stefan Fieböck in Python. The utility used the Scapy library to inject arbitrary network packets. The script can be run only under a Linux system, having previously transferred the wireless interface to the monitoring mode. As parameters, you must specify the name of the network interface in the system, the MAC address of the wireless adapter, as well as the MAC address of the access point and its name (SSID).
$ ./wpscrack.py --iface mon0 --client 94: 0c: 6d: 88: 00: 00 --bssid f4: ec: 38: cf: 00: 00 --ssid testap -v sniffer started trying 00000000 attempt took 0.95 seconds trying 00010009<...> trying 18660005 attempt took 1.08 seconds trying 18670004 # found 1st half of PIN attempt took 1.09 seconds trying 18670011 attempt took 1.08 seconds<...> trying 18674095 # found 2st half of PIN<...> Network Key: 0000 72 65 61 6C 6C 79 5F 72 65 61 6C 6C 79 5F 6C 6F really_really_lo 0010 6E 67 5F 77 70 61 5F 70 61 73 73 70 68 72 61 73 ng_wpa_passphras 0020 65 5F 67 6F 6F 64 6F 6C 75 63 6B 5F 63 72 61 63 e_good_luck_crac 0030 6B 69 6E 67 5F 74 68 69 73 5F 6F 6E 65king_this_one<...>
As you can see, first the first half of the PIN-code was selected, then the second, and in the end the program issued a key ready for use to connect to the wireless network. It is difficult to imagine how long it would take to find a key of this length (61 characters) with pre-existing tools. However, wpscrack is not the only utility to exploit the vulnerability, and this is a rather funny moment: at the same time, another researcher, Craig Heffner of Tactical Network Solutions, was working on the same problem. Seeing that a working PoC appeared on the Web to implement the attack, he published his Reaver utility. It not only automates the WPS-PIN selection process and extracts the PSK key, but also offers more settings so that an attack can be carried out against a wide variety of routers. In addition, it supports many more wireless adapters. We decided to take it as a basis and describe in detail how an attacker can use a vulnerability in the WPS protocol to connect to a secure wireless network.
HOW-TO
As with any other wireless attack, we need Linux. Here I must say that Reaver is present in the repository of the well-known BackTrack distribution, which, moreover, already includes the necessary drivers for wireless devices. Therefore, we will use it.
Step 0. Preparing the system
BackTrack 5 R1 is available for download on the official website as a virtual machine for VMware and a bootable ISO image. I recommend the last option. You can simply write the image to a disc, or you can use the program to make a bootable USB flash drive: one way or another, having booted from such a media, we will immediately have a system ready to work without unnecessary problems.
Wi-Fi Hacking Express Course
- WEP (Wired Equivalent Privacy) The earliest technology for securing a wireless network proved to be extremely weak. It can be cracked in literally a few minutes, using the weaknesses of the RC4 cipher used in it. The main tools here are the airodump-ng sniffer for collecting packets and the aircrack-ng utility, which is used directly to crack the key. There is also a special tool wesside-ng, which generally breaks all nearby points with WEP in automatic mode.
- WPA / WPA2 (Wireless Protected Access)
Brute force is the only way to find a key for a closed WPA / WPA2 network (and even then only if there is a dump of the so-called WPA Handshake, which is broadcast when the client connects to the access point).
Brute force can take days, months and years. To increase the enumeration efficiency, specialized dictionaries were first used, then rainbow tables were generated, later utilities appeared that used NVIDIA CUDA and ATI Stream technologies for hardware acceleration of the process using the GPU. The tools used are aircrack-ng (dictionary brute force), cowpatty (using rainbow tables), pyrit (using a video card).
Step 1. Login
The default login and password are root: toor. Once in the console, you can safely start "X" (there are separate assemblies of BackTrack - both with GNOME and with KDE):
# startx
Step 2. Installing Reaver
To download Reaver we need internet. Therefore, we connect the patch cord or configure the wireless adapter (menu "Applications\u003e Internet\u003e Wicd Network Manager"). Next, we launch the terminal emulator, where we download the latest version of the utility through the repository:
# apt-get update # apt-get install reaver
Here I must say that version 1.3 is in the repository, which personally did not work for me correctly. Looking for information about the problem, I found a post by the author who recommends updating to the highest possible version by compiling the sources taken from SVN. This is, in general, the most versatile installation method (for any distribution).
$ svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver-wps $ cd ./reaver-wps/src/ $ ./configure $ make # make install
There will be no problems with the assembly under BackTrack - checked personally. In the Arch Linux distribution I use, installation is even easier, thanks to the presence of the appropriate PKGBUILD:
$ yaourt -S reaver-wps-svn
Step 3. Preparing for brute force
To use Reaver, you need to do the following:
- put the wireless adapter into monitoring mode;
- find out the name of the wireless interface;
- find out the MAC address of the access point (BSSID);
- make sure that WPS is activated on the point.
First, let's check that the wireless interface is generally present in the system:
# iwconfig
If the output of this command contains an interface with a description (usually wlan0), then the system recognized the adapter (if it was connected to a wireless network to load Reaver, then it is better to terminate the connection). Let's put the adapter into monitoring mode:
# airmon-ng start wlan0
This command creates a virtual interface in monitoring mode, its name will be indicated in the command output (usually mon0). Now we need to find the access point for the attack and find out its BSSID. Let's use the airodump-ng utility for wiretapping wireless broadcasts:
# airodump-ng mon0
A list of access points within range will appear on the screen. We are interested in points with WPA / WPA2 encryption and PSK key authentication.
It is better to choose one of the first in the list, since a good connection with the point is desirable for carrying out an attack. If there are a lot of points and the list does not fit on the screen, then you can use another well-known utility - kismet, where the interface is more adapted in this regard. Optionally, you can check on the spot whether the WPS mechanism is enabled at our outlet. To do this, the wash utility is included with Reaver (but only if you take it from SVN):
# ./wash -i mon0
The parameter is the name of the interface switched to the monitoring mode. You can also use the ‘-f’ option and feed the utility a cap-file created, for example, by the same airodump-ng. For some unknown reason, the wash utility was not included in the Reaver package in BackTrack. Hopefully, by the time this article is published, this error will be fixed.
Step 4. Launch brute force
Now you can proceed directly to brute force PIN. To start Reaver in the simplest case, you need a little. You just need to specify the name of the interface (which we previously transferred to monitoring mode) and the BSSID of the access point:
# reaver -i mon0 -b 00: 21: 29: 74: 67: 50 -vv
The "-vv" switch enables extended output from the program so that we can make sure everything works as expected.
Reaver v1.4 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
If the program consistently sends PINs to the access point, it means that everything has started well, and it remains stupid to wait. The process can be delayed. The shortest time in which I managed to harvest my PIN was about five hours. As soon as it is selected, the program will happily inform you about it:
[+] Trying pin 64637129 [+] Key cracked in 13654 seconds [+] WPS PIN: "64637129" [+] WPA PSK: "MyH0rseThink $ YouStol3HisCarrot!" [+] AP SSID: "linksys"
The most valuable thing here is, of course, the WPA-PSK, which can be used immediately to connect. Everything is so simple that it doesn't even fit in my head.
Can you protect yourself?
You can still protect yourself from an attack in one way - turn off WPS nafig in the router settings. True, as it turned out, this is not always possible. Since the vulnerability does not exist at the implementation level, but at the protocol level, it is not worth waiting for an early patch from the manufacturers that would solve all the problems. The most they can do now is to counter brute force as much as possible. For example, if you block WPS for one hour after five unsuccessful attempts to enter the PIN, the brute-force process will take about 90 days. But another question is, how quickly can such a patch be rolled out to millions of devices that work around the world?
Pumping Reaver
In the HOWTO, we showed the simplest and most versatile way to use the Reaver utility. However, the implementation of WPS differs from manufacturer to manufacturer, so in some cases additional configuration is required. Below I will provide additional options that can increase the speed and efficiency of the key iteration.
- You can set the channel number and SSID of the access point: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -c 11 -e linksys
- The '-dh-small' option has a beneficial effect on the brute force speed, which specifies a small value for the secret key, thereby facilitating calculations on the access point side: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -vv - -dh-small
- The default response timeout is five seconds. It can be changed if necessary: \u200b\u200b# reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -t 2
- The default delay between attempts is one second. It can also be configured: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -d 0
- Some access points may block WPS for a certain time, suspecting that they are trying to get fucked. Reaver notices this situation and pauses the iteration for 315 seconds by default, the duration of this pause can be changed: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --lock-delay \u003d 250
- Some implementations of the WPS protocol will terminate the connection if the PIN is incorrect, although by specification they must return a special message. Reaver automatically recognizes such a situation, for this there is an option '-nack': # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --nack
- The ‘—eap-terminate’ option is designed to work with those APs that require termination of the WPS session using the EAP FAIL message: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --eap-terminate
- Errors in the WPS session may mean that the AP limits the number of attempts to enter the PIN-code, or is simply overloaded with requests. Information about this will be displayed on the screen. In this case, Reaver pauses its activity, and the pause time can be set with the '—fail-wait' option: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --fail-wait \u003d 360
FAQ
Q: What kind of wireless adapter do I need to jailbreak?
Answer: Before experimenting, you need to make sure that the wireless adapter can work in monitoring mode. The best way is to check the list of supported hardware on the Aircrack-ng project site. If the question arises about which wireless module to buy, then you can start with any adapter based on the RTL8187L chipset. USB dongles are easy to find online for $ 20.
Q: Why am I getting "timeout" and "out of order" errors?
Answer: This usually happens due to low signal strength and poor connection with the access point. In addition, the access point may temporarily block the use of WPS.
Question: Why is my MAC address spoofing not working?
Answer: Perhaps you spoof the MAC of the virtual interface mon0, and this will not work. You must specify the name of the real interface, for example, wlan0.
Question: Why does Reaver work poorly with a bad signal, although the same WEP cracking is fine?
Answer: Typically, WEP cracking occurs by re-forwarding the intercepted packets in order to obtain more initialization vectors (IVs) required for a successful cracking. In this case, it does not matter if any packet was lost or was somehow damaged along the way. But for an attack on WPS, you must strictly adhere to the packet transfer protocol between the access point and Reaver to verify each PIN. And if at the same time some packet is lost, or comes in an obscene form, then you will have to re-establish the WPS session. This makes attacks on WPS much more signal strength dependent. It is also important to remember that if your wireless adapter sees the access point, this does not mean that the access point also sees you. So if you are the proud owner of a high-power adapter from ALFA Network and an antenna for a couple of dozen dBi, then do not hope that you will be able to break all caught access points.
Question: Reaver sends the same PIN to the access point all the time, what's the matter?
Answer: Check if WPS is activated on the router. You can do this with the wash utility: run it and make sure your target is on the list.
Question: Why can't I associate with an access point?
Answer: This may be due to poor signal strength or because your adapter is not suitable for such surveys.
Question: Why do I keep getting rate limiting detected errors? Answer: This is because the access point has blocked WPS. Usually this is a temporary block (about five minutes), but in some cases a permanent ban can also be slammed (unblocking only through the administrative panel). There is one unpleasant bug in Reaver version 1.3, due to which the removal of such locks is not detected. As a work-round, it is suggested to use the '—ignore-locks' option or download the latest version from SVN.
Q: Can I run two or more Reaver instances at the same time to speed up the attack?
Answer: Theoretically, it is possible, but if they hammer on the same access point, then the brute-force speed will hardly increase, since in this case it is limited by the weak hardware of the access point, which is already loaded to the full with one attacker.
Anyone knows that when trying to connect to secure wireless networks, the message "Enter the network security key" is often displayed. What this key is, what it is for, how it is used, where to find it and how to determine it by various methods, will be discussed further. Actually, each user already knows what it is, but, perhaps, simply does not know about the true state of affairs. In fact, after reading the material presented below, any user will no longer have any questions related to understanding the term itself, and with the methods used to determine such a key.
What is a general network security key?
So, what is the understanding of this term? If anyone does not know, the security of wireless networks is ensured by protection against unauthorized access to the network and encryption of transmitted and received data.
At the same time, the concept of a key is in no way related to the type of encryption used, but refers precisely to ensuring secure entry. As many have probably already guessed, the question of what is a network security key has the only correct answer: this is the most common access password that is entered when requested from the router. It can consist of any set of Latin letters, numbers and symbols.
How it works?
In the question of what a network security key is, it is impossible to ignore some aspects related to how it works. The fact is that the request does not come from the wireless network itself, but from the used router (router or ADSL modem).
When you try to connect to a network defined by your computer, laptop or mobile device, a request is made from the device, which is recorded on the router. In turn, it ensures the security of wireless networks and gives you a kind of invitation to connect, but with the obligatory confirmation of the access password, which in most cases, except for the use of programs that allow you to calculate the key, provides protection against unauthorized connections. We will dwell on the programs a little later, but for now let's see how you can find out such a password in different systems and on different devices.
How to find the network security key in Windows?
And to begin with, let's consider the Windows desktop operating systems in relation to users who, for whatever reason, have forgotten or lost their passwords to access Wi-Fi. What to do if a computer or laptop connects to the network without problems, but you need to access from another device (for example, from a mobile device). Where can I get the network security key? This problem can be solved quite simply.
First, you need to go to the properties of the established connection, using the "Network and Sharing Center". You can call it either through the RMB menu on the connection icon, or go to the corresponding section through the "Control Panel". The properties window uses the security tab, which contains the network name and password. But it is only displayed as dots. How do I find my network security key? Yes, just check the box next to the display of entered characters, and the password will appear before your eyes.
Why is this happening? Yes, only because any operating system, even with a one-time connection, saves the entered names of networks and the password to them, not to mention the connection, which is used by default.
Obtaining a key on a router
In principle, if this option does not suit the user with something, you can go a longer way, using the web interface of the router to obtain it. To do this, you need to enter the settings through any web browser by entering combinations starting with 192.168, after which either 0.1 or 1.1 is added (for non-standard router models, the addresses can differ quite a lot).
After that, go to the section of wireless connection (Wireless), and then in the subsection Security (Security) find the field labeled as PSK. What is written in it is the desired key. If for some reason you cannot enter the router settings, enter the ipconfig combination in the command line and look in the field of the default gateway. This is the address of the router itself.
Finding a security key in Android
We figured out what a network security key is, and how to find it in Windows. Now let's see how to perform similar procedures on Android mobile systems. Everything is somewhat more complicated here.
If the password is not displayed in its normal form in the connection settings, you will have to look for it in the system files, but to access them on the device you need to have Root rights and any file manager. In the manager, sequentially go through the Data / Music / WiFi directories, and in the latter, open a text document with the name wpa_supplicant.conf, and then find the name of the desired network in the text. The corresponding key will be entered next to the name.
Use of specialized programs
On mobile systems, you can use the free WiFi Password Hacker utility, which, after launching, scans all connections ever made, and after selecting the desired network, displays the access password used for it on the screen.
If you need to find out the password to someone else's network, you will have to use a somewhat illegal technique called brute force. For Windows systems, the Aircrack-ng utility is most suitable, and for Android systems, WIBR. Using them is quite simple, so there is no point in focusing on this. But keep in mind that their use, if not illegal, is at least beyond the bounds of decency.
Instead of a total
That's all there is to addressing issues related to the concept of a security key. Regarding the concept itself, only one conclusion can be drawn - this is the most common access password. As for how to recognize it, I think that there should not be any special questions, since this is done quite simply in any operating system. There may be problems with mobile devices in the absence of access rights to system catalogs, however, to obtain the appropriate rights, you can use, for example, the Kingo Root computer utility, which is first installed on a PC and then installs its own driver on a mobile device, after which you will have the rights superuser.
If the router is just purchased and no one has configured it, you can connect to the newly created network without entering any identification data. That is, any owner of a device with a Wi-Fi module can use all the delights of the Internet without the permission of the equipment owner. To prevent this from happening, you need to change the password on the Wi-Fi router immediately after creating the network.
Perhaps, the appearance of an extra user will not affect the speed - most providers are able to provide a decent level with unlimited traffic. But unfortunately, not everything is so simple. There are a number of negative circumstances, the possibility of which should be borne in mind, leaving the network without proper protection.
Each connected device requires the modem to allocate an IP address and hardware resources to ensure communication. All this creates an additional load on the distribution equipment, which in turn will negatively affect the speed and stability of the connection in general. In addition, the lack of password protection lowers the overall level of security and somewhat simplifies access to personal information.
The above is enough to think about changing the authorization settings, especially if there are none, for example, when starting a new router. Next, we will consider how to quickly change or set the Wi-Fi password on routers from different manufacturers (should not be confused with the settings for entering the admin panel). Some important points regarding security settings will be covered.
Password rules
Not every new password can provide an adequate level of security. Many users, especially beginners, prefer not to fool around and enter a set of simple numbers, for example, all ones or 12345678. More inventive people use their name or date of birth. The meaning is clear: to think briefly and easily remember.
Video on composing the correct password:
Hacking a network with such protection will take no more than 5 minutes, even for a student who is not too lazy to read a couple of articles on the Internet. There are tons of programs that come with voluminous dictionaries of commonly used security keys. It is enough to have a desire, an ordinary laptop or smartphone, to provide free access to the network of careless neighbors.
What should be the new password:
- It is necessary to use 8 or more characters (the standard will not allow less);
- It must consist of Latin letters of different register (large and small), numbers, signs (@ $ # and others);
- The sequence of characters should be random and varied. That is, you do not need to enter 6 identical letters, but at the end several characters and numbers. A good password should create fear at the thought of remembering it.
- As mentioned above: no primes, names, or dates of birth.
Some users find it difficult to come up with a replacement password on their own. Then you can resort to using special online generators that will compose a code of any length and complexity. In addition, the network has services for the selection and storage of security data.
Video on working with the utility for creating and storing passwords:
After a suitable password has been invented or generated, it must be saved. You should not rely on your own memory, it is better to write it down on paper, for example, in a notebook. In parallel with the paper version, you can create a text file on your computer.
Suppose a password is generated or invented, recorded and saved on several media. There is little sense in this as long as it is not used in the security settings of the Wi-Fi network. Next, let's look at the process of changing the password on the router.
Change password
To change the security parameters of the access point, you need to go to its management interface. To do this, you need to use the address bar of the browser or the utility supplied on the disk with some routers. The first method is simpler and more versatile.
First, let's find out the IP address of the router. In most cases it is. The exact value is indicated on the label on the bottom of the instrument.
There you can also find out the data for user authorization, set by default. As you can see from the figure, the login and password are admin. This combination is relevant for most models. If suddenly the sticker is lost or erased, the necessary information is in the instructions, if there are no instructions, we look on the Internet.
Here you need to activate the radio button, which is indicated by the red arrow, and then adjust the fields below.
- Version. We leave "Automatic" for correct work with a large number of devices.
- Encryption. We choose AES (the most reliable and proven standard).
- PSK password. Enter the invented or generated network security key in this field.
After specifying all the necessary parameters, we confirm the changes by clicking the "Save" button and restart the router. A restart offer will appear on the same page. If it is absent, a reboot is optional, but it should be done so that all connected Wi-Fi users are authorized. This can be done through the system tools.
After all the above manipulations, the first access to the wireless network will be possible only after entering the password. If, over time, you need to reinstall the security data, you will have to follow the same procedure as for installing a new authorization key.
Difficulties that may arise during security configuration
The most common problems are the lack or loss of the IP-address of the admin panel or authentication data in it. The solution is simple: the firmware of the router is restored to the factory state using a special button.
For TP-Link models, press and hold for 10 seconds. The settings will be reset to factory defaults and you can log in to the standard address using the admin / admin pair for authorization.
If the IP address is lost or changed (for example, it was changed if there are several identical routers on the network), you can find out by running the Windows console on a laptop or PC. To do this, you need to type the combination "Windows + R", the "Run" window will open, in which we enter "cmd". The console will start. In it we write "ipconfig" and press "Enter".
Opposite the inscription "Default gateway" will be the address of the router to which the device is connected.
Password change on popular routers
Using the above sequence of actions, you can change the password on any Wi-Fi router. Differences can be in the control interface of the access point, its address and authorization data. Next, you need to find the Wireless Security tab or a similar menu item. Let's take a closer look at how the password is changed for popular models.
D-Link
Address: 192.168.0.1. Login / password pair: admin. On the main page below, select "Advanced settings".
On the next, select "Security Settings" (circled).
This is a natural occurrence because the client hardware tries to use an old key that is no longer up to date. The problem is solved in two ways:
- On mobile android devices, it is enough to break the connection with the network and re-establish it using a new access code.
- For Windows systems, you must first remove the network, then add it again with the correct authorization information.
Once these minor issues are resolved, the network should function properly. This protection is sufficient for home use. If there is a need to organize security in the office or at the enterprise, you should resort to more sophisticated methods.
The Wi-Fi network security key is a password that can be used to connect to network equipment. The security of a user or a group of users as a whole directly depends on this key.
So what is a network security key? This is a combination of letters and numbers, without knowing which it will be impossible to connect to Wi-Fi. When there is a possibility of unauthorized connection to the network, the network key is especially important.
No matter how complex and intricate the network security key may be, the degree of overall security also depends on the type of data encryption: transmitted within a particular network, they are certainly amenable to encryption.
This approach to data transmission makes it possible to protect equipment from connecting unwanted devices or other users, which means the following: without knowing the password, no matter what combinations the fraudsters enter, it will be impossible to gain access to the transmitted data.
Today stands out:
- WPA2;
The differences between them lie in the availability of certain characters for setting a password, as well as in the degree of reliability and a number of other characteristics.
Thus, the first type is not particularly common at the present time due to its unreliability. This option can be considered a “lived stage”. Users who actively use devices with the type of WEP encryption and use such networks are much more susceptible to hacking from ill-wishers.
Fortunately, most modern routers do not support this type of encryption.
As for WPA and WPA2, they are characterized by a sufficient level of reliability and in practice they are most common. An additional benefit for the user is the choice of the security level.
The named types of encryption support 2 types of security checks:
- Designed for ordinary users and containing a single password for all types of connected devices. That is, to connect, it is enough to enter the specified combination of letters and numbers, and access will be open to the device from which the input was made. WPA or WPA2 key as a method of protecting equipment from connection and a method of data encryption has become widespread today;
- The second type of check is used in practice mainly by large enterprises or organizations in order to improve the reliability and security of a Wi-Fi network. The essence of the security verification method is to create a unique password for individual devices or groups of devices that allows them to connect to network equipment.
A distinctive feature of the vast majority of routers is support for WPA and WPA2 at the same time, which is especially important when it comes to reliability when choosing equipment.
Another important point is how to find the security key.
The key to wi-fi: how to find out
Let's touch on one of the key topics of the question raised at the beginning of the article: how to find out the security key of a wireless network? In order to view the current preset key for your equipment, you can use the options below:
Go to the router settings and check the box "Show network key" (in the screenshot, the interface of the Zyxel keenetic router)
- The easiest way is to access the router settings menu. Standard data for access to the interface is extremely simple - password and login "admin". Just enter them in the appropriate boxes. All that is required from the user further is to enter the equipment interface and access the “wireless mode” menu, then “protection”. This is where your PSK key or password can be found;
- You can also refer to your computer's control panel. We are interested in the Network and Sharing Center. From it you need to go to the "Wireless Networks Management" tab and, having found your own network there, select its properties. On the "security" tab, you must put a tick in the column for displaying entered characters, thereby gaining access to the password;
- Another answer to the question of how to find out the network security key is the following - you can turn to the device connected to the network. It is enough to select the name of the network to which an active connection is being made or has already been established, and in the "Properties" section, select the menu "display entered characters".
Summing up
In conclusion of the material considered, I would like to once again note the advantages of introducing such a measure to protect equipment as security keys and highlight the types of WPA and WPA2 encryption. Choosing them will protect the user or many users of the equipment from unauthorized access and threats associated with the likelihood of hacking.
