By Eric Geier
Jan. 26, 2017
Lost or stolen Wi-Fi devices can be security threats
You can lock down your Wi-Fi with the most stringent security, but if you lose your smartphone, tablet, laptop, or any other device that you’ve connected to your Wi-Fi network, whoever recovers it will be in a position to access to every network you’ve connected to in the past, since those passwords will have been saved to that device by default. Depending on who recovers the device, where they found it, and how much info they can glean from it, they might even be able to figure out where those networks are physically located.
Here's an example of how thieves can use seemingly legit programs, such as Nirsoft’s WirelessKeyView, to reveal all the saved Wi-Fi passwords on your device.
If you lose a mobile device, see if you can remotely lock or even wipe it (you do back it up on a regular basis, right?) to prevent any unauthorized person from gaining access to the Wi-Fi passwords and any other data you have on it. Secondly, it’s a good idea to change the Wi-Fi password of all the networks you connected it to in the past. Some private networks might not be in your control, so you should notify the parties who are responsible for them—especially your employer.
If you’d been using the simple personal Wi-Fi security modes of WPA or WPA2—technically known as pre-shared key (PSK)—you’ll need to change the password on the gateway or router and then enter that new password on all your other network devices the next time they connect. That will be a moderate inconvenience for the typical home with just a handful of Wi-Fi devices. For a business with dozens of devices on its wireless network, it could be a major pain.
There is a means of mitigating the disruption of compromised passwords, but its complexity and infrastructure requirements put it outside the reach of the typical consumer. This version of WPA or WPA2 is typically called “enterprise mode,” and it works like this: Instead of everyone using the same Wi-Fi password to connect to the network, each user is assigned a unique user ID and password. Any user account that becomes compromised can be changed individually or revoked entirely without impacting anyone or anything else.
Keep in mind, there’s another mode of WPA and WPA2 Wi-Fi security, typically called enterprise mode, which delivers better protection against incidents like this. Instead of everyone using the same Wi-Fi password for the network, each user would receive their own username and password, which could always be individually changed or revoked if a device becomes lost or stolen.