Maybe I'm just being stupid, but whenever you type the password to gain access to a certain Wi-Fi network, how is the password sent to the router securely? Wouldn't it be easy to intercept the password and thus gain access to the network?
Wireless Networking – How Wi-Fi Passwords Are Sent Securely to the Router
passwordsSecuritywireless-networking
Related Solutions
My favorite password storage tool is KeePass:
What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.
Is there any limit as to how many passwords you can store in it?
Only in theory. You can put as many entries into the database as you want, but at some point your USB key or HDD will be full.
Is there a way to automatically sync changed passwords?
No, not like you expect it.
You'll want to make that a regular, manual process. This can not and should not be automated.
I like to set up expiration dates for all my password entries:
Then I remember to change my passwords regularly. I store the URL of the website with the password entry, so it's a quick process.
Can I automatically log on to a website like Facebook using this software?
No, not automatically either (at least to my knowledge). But this is where Auto-Type comes into play. For example, for Facebook, this is my Auto-Type setup:
As you can see, I've created 3 configurations for different browser titles. This allows me to simply go to facebook.com
, press Ctrl+Alt+A, and the username and password will be automatically entered and I will be logged in.
If you have multiple username/password combinations for the same window title, you'll get a popup window asking you which password entry should be used.
What about mobile?
There are apps that support the KeePass container format on mobile devices. But I stay away from those. I just don't like the thought of my KeePass database on my phone.
I prefer to only transfer single passwords using the QR Code Generator plugin. It lets you generate a QR Code from a password, which you can then scan with your phone. It helps to have an app that can copy the scanned content to clipboard.
Try truncating. First 13, first 12, first 11, first 10 characters of the 14 character password.
and, of course, try "admin" (groan)
Best Answer
The wifi password is never sent to the router. The pre-shared-key is something they already both know, so all the client and AP have to do is prove to each other they know what it is.
The PSK, or password, is used to create a pairwise master key (
PMK
). You can think of this as the password you type in characters converted to a proper key that can be used for encryption and authentication.The AP transmits an
Anonce
, which is just an internally created random number effectively.The client creates an
Snonce
which is another random number. It then uses thePMK
, and theAnonce
and theSnonce
to create aMIC
- a message integrity check.The
MIC
and theSnonce
are sent back to the AP. The AP goes through the same process the client would have, by using theAnonce
, theSnonce
and thePMK
, it should be able to create the sameMIC
that it received from the client. If it did, then both parties have confirmed they know the preshared key.Both parties use this same info to create a
PTK
- pairwise transient key, with which (indirectly) they encrypt data going across the wire.So neither party needs to actually communicate the secret across the wire.