• Mac Security: Wi-Fi Security

    Home » Forums » AskWoody support » Apple » Apple operating systems » macOS » Mac Security: Wi-Fi Security

    Author
    Topic
    #1685060

    This is the final installment of our Mac Security series (although not my final Mac related post as I’ll continue posting each weekend). If anyone has any additional Mac security topics I haven’t covered, feel free to post a thread, and I’ll be pleased to answer it.

    This week I wanted to briefly examine three areas relating to Wi-Fi security.

    Securing In-Home Wi-Fi

    It is important to ensure one’s in-home Wi-Fi network is secure, as not securing one’s in-home Wi-Fi network opens the door to attackers, as well as anyone simply using your home Internet connection for free. My personal recommendation is to use a Wi-Fi password that utilizes WPA2 instead of WPA or WEP. If you’re not sure which form of Wi-Fi security you have, ask your router manufacturer or ISP. If it’s anything less than WPA2, find out what it would take to switch the security to WPA2. WPA3 is also coming which will be even more secure, but it doesn’t have broad device support at the moment. Eventually, it will be good to migrate to WPA3.

    Adding Guest Access to Wi-Fi

    Many routers also offer the ability to enable guest access to the Wi-Fi network, and it’s generally a good idea to enable a router’s guest access, provided it’s also secured with a password that’s separate from the main Wi-Fi network password, and that guest access also uses a WPA2 password. When guests are visiting, you simply don’t want them having full access to everything on your network when accessing your Internet. Taking a few moments to provide them with a separate network that allows them to access the Internet without handing them the keys to your main network is a smart move. Even then, it is good to only give out the guest network password to guests you’d trust on your network. If guests perform anything nefarious or illegal on your network, it could get traced back to you (as I have seen with some churches with guests in the past).

    Use a VPN on Public Wi-Fi

    Now that I have unlimited data on my iPhone and high data caps on my iPad and iPhone’s mobile hotspot, I’ve had less of a need to use Public Wi-Fi. I can use my iPhone and iPad on LTE and connect a Mac to my iPhone’s mobile hotspot on-the-go. However, for the times when I need to dip into Public Wi-Fi, I use and recommend others use a VPN. (Virtual Private Network). Public Wi-Fi networks are generally not secure, and anyone on the network can snoop around on network traffic. This article explains what a VPN does. VPN’s were originally created for office workers who needed to remote into their company network (I do this for a company I remotely work for), but consumer versions of VPN providers have gained popularity since they route Wi-Fi traffic through a secure tunnel. I’ve personally tested WiTopia and Private Internet Access. Both offer good performance. I found Private Internet Access works well with Windows/Android whereas WiTopia works well with macOS/iOS. I’m personally using WiTopia at the moment since I need Cisco IPSec support. VPN services come in multiple “flavors” (PPTP, L2TP, Cisco IPSec, and OpenVPN are the main ones). PPTP is an older variant that isn’t as secure. I personally recommend L2TP or Cisco IPSec (I’ve had the best experience with Cisco IPSec). OpenVPN is solid as well but a little harder to configure. Verizon also offers Safe Wi-Fi which I may test at a later date.

    Thanks for reading the Mac Security series! Feel free to post any questions!

    Nathan Parker

    3 users thanked author for this post.
    Viewing 6 reply threads
    Author
    Replies
    • #1692529

      25,000 Linksys routers are reportedly leaking details of any device that has ever connected to it

      The flaw that may have been leaking data since 2014 reportedly exposes routers that haven’t had their default passwords changed, and it can even help lead hackers to physically locate devices and users in the real world…

      https://appleinsider.com/articles/19/05/18/researcher-claims-25000-linksys-routers-are-leaking-details-of-devices-that-have-ever-connected-to-them

      1 user thanked author for this post.
    • #1697984

      Thanks for this. I only spent a short time with a Linksys Velop. Glad I took it back and went with a cloud-managed router (Cambium Networks) from my ISP. It is disturbing to know.

      Nathan Parker

    • #1699113

      Thanks for choosing to write about this topic. It is amazing that, as noted by Alex5723,  certain routers “may have been leaking data since 2014” and nobody noticed, or else chose to do something about it!

      A few years ago , when I first got it, I changed the password in my WiFi router so it is no longer “12345” or whatever it had been assigned to it in the factory. And the WiFi channel encryption is WPA2 .

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      2 users thanked author for this post.
    • #1701102

      According to ArsTecnica’s Dan Goodin has reported WPA3 is already broken before release to market:
      https://arstechnica.com/information-technology/2019/04/serious-flaws-leave-wpa3-vulnerable-to-hacks-that-steal-wi-fi-passwords/

      Maybe WPA3 will all be fixed by release to market?

      2 users thanked author for this post.
    • #1708565

      Good article on WPA3. It likely will, and another reason I recommend holding off on WPA3 and sticking with WPA2 at the moment. WPA2 is pretty solid and better than the other technologies out there, so I’ll run with it until WPA3 has ironed out the kinks.

      I also use an enterprise WAP instead of consumer devices. I’ll allow the consumers to be the “beta testers” while I stay on tried and true technology that works.

      Nathan Parker

    • #1743674

      The biggest issue with WiFi on Mac is the requirement to provide the password to connect. Entering
      l]rd%~@$XT=_$22(5Truz1L4+=+0#rW]OX[I9~_Ag9^rf0g>"iMWU+Ct";R!*SQ
      on the keyboard is not trivial, especially if you are visiting.
      At least on Win/Android you can use the “slightly less secure” WPS push button.

      cheers, Paul

      • This reply was modified 3 years, 8 months ago by Paul T.
      • #1744971

        Paul T: I am typing this at home, in my Mac laptop and connected to my router via WiFi, as usual since I first set up the WiFi feature when I first got this machine in June of 2017, except for a few occasions when I’ve had to send some information I was very cagey about potentially being spied upon, so I connected to the router using the Ethernet cable, with WiFi off.

        And never, after that very fist time, have I had to enter my WiFi password again.

        Maybe you are remarking on some other kind of connection via WiFi? At a hot spot, or some coffee shop, perhaps? My laptop stays home almost all the time, with only rare excursions into the wider world. And I’ve never tried to connect to hot spots anywhere, or to some business’ place or hotel WiFi, even then.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #1744974

          And never, after that very fist time, have I had to enter my WiFi password again.

          Methinks that’s the event that @Paul-T is referring to in his post just above yours! 🙂

          Even if it’s only once, sometimes entering a very lengthy, complex password can be challenging, especially if one is using a tablet or phone which only has an on-screen keyboard with a different special character layout than a traditional, physical keyboard.

    • #1745398

      A few pointers:

      1. On a Mac, you can copy/paste Wi-Fi passwords into the Wi-Fi password field, and even select a box saying “view password” to ensure it is in there correctly.
      2. Macs have physical keyboards. Only iOS devices (iPhones and iPads) have virtual keyboards, and you can even connect a physical keyboard to an iPad (I use one with mine occasionally).
      3. You can likely copy/paste a Wi-Fi password onto iOS devices as well, and there are ways to easily share Wi-Fi passwords with iOS users.
      4. Once you join a Wi-Fi network on a Mac, it will sync the password and auto-connect iOS devices that are signed into the same iCloud account.

      Nathan Parker

      1 user thanked author for this post.
    Viewing 6 reply threads
    Reply To: Mac Security: Wi-Fi Security

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: