With the advent of Windows 10 May 2019 Update (version 1903), the Microsoft operating system shows a warning whenever you try to use a “secured” WiFi network with the obsolete WEP or WPA-TKIP. After installing Windows 10 May 2019 Update (version 1903), or after applying it as a feature update, a never-before-seen “NetworkName is not secure” notification appears (where “NetworkName” is the SSID of the WiFi you are connected to).
The message appears because the selected WiFi connection is protected with an obsolete algorithm: WEP (Wired Equivalent Privacy) is the oldest and most insecure algorithm ever, presented by the WiFi Alliance as far back as 1999, well before Windows XP. WPA-TKIP (WiFi Protected Access Temporal Key Integrity Protocol) was approved in 2002. Both use the RC4 stream encryption algorithm, which can be cracked very easily. Analysis of the data transferred with RC4 revealed a certain periodicity in the first 256 bytes and a strong correlation between the key and the keystream.
That’s why WEP and WPA-TKIP should no longer be used, not least because it is easy to access such a WiFi network (in less than a minute) without knowing the corresponding password. As confirmed on this new support page, the advice is to switch to a newer cryptographic algorithm where possible or, otherwise, to replace the WiFi router completely. It is impossible to intervene on WiFi networks managed by third parties; these networks nevertheless remain insecure, because completely unknown subjects can potentially use them.
Typing cmd in the Windows 10 search box and then pressing the key combination CTRL+SHIFT+ENTER will open the command prompt with administrator rights.
Here, try typing the following command:
- netsh wlan show all > %userprofile%\wifi.txt && notepad %userprofile%\wifi.txt
Examining the output from the Show profile name section onward gives you the complete list of WiFi networks you have connected to.
The value to the right of Authentication (Security settings section) shows the algorithm used to protect each WiFi network.
To be safe, it is important to check the WiFi security algorithm set on the router. After logging into the administration panel (usually by typing 192.168.1.1 or 192.168.0.1 in the browser address bar), go to the WiFi configuration section, or the similarly named one, and make sure you use at least the WPA2-PSK algorithm. With WPA2-PSK, it is also advisable to protect the wireless network with a password of between 16 and 20 characters that is sufficiently complex (a mix of alphanumeric characters and symbols).
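To check the saved wifi.txt for the obsolete schemes without reading it by eye, the following added example (not part of the original article) parses the profile sections and flags WEP and TKIP. It assumes English-locale netsh output and the banner and field layout shown in the constructed sample, and it reads the Cipher field as well as Authentication, because a WEP profile typically reports Authentication as Open.

```python
import re

# Constructed sample in the English-locale layout of `netsh wlan show all`
# (profile names are made up; real output carries many more fields).
SAMPLE = """\
======================= SHOW PROFILE NAME=* =======================
Profile OldRouter on interface Wi-Fi:
    Authentication         : WPA-Personal
    Cipher                 : TKIP
Profile CafeLegacy on interface Wi-Fi:
    Authentication         : Open
    Cipher                 : WEP
Profile HomeNet on interface Wi-Fi:
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
======================= SHOW NETWORKS MODE=BSSID =======================
SSID 1 : Neighbour
    Authentication          : Open
    Encryption              : WEP
"""

WEAK_CIPHERS = {"WEP", "TKIP"}  # the two obsolete schemes the article names
BANNER_RE = re.compile(r"^=+\s*SHOW\b")  # assumed section banner format
PROFILE_RE = re.compile(r"^Profile (.+) on interface .+:\s*$")
FIELD_RE = re.compile(r"^\s+(Authentication|Cipher)\s*:\s*(.*?)\s*$")


def audit_profiles(netsh_text):
    """Map each saved profile to its auth/cipher values and a verdict."""
    profiles, current = {}, None
    for line in netsh_text.splitlines():
        if BANNER_RE.match(line):
            current = None  # new section: stop attributing fields to a profile
            continue
        m = PROFILE_RE.match(line)
        if m:
            current = profiles.setdefault(m.group(1), {"auth": set(), "cipher": set()})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current["auth" if m.group(1) == "Authentication" else "cipher"].add(m.group(2))
    for info in profiles.values():
        if info["cipher"] & WEAK_CIPHERS:
            info["verdict"] = "obsolete"
        elif info["auth"] == {"Open"}:
            info["verdict"] = "open"
        else:
            info["verdict"] = "ok"
    return profiles
```

To run it on real data, pass in the contents of %userprofile%\wifi.txt, read with `open(path, errors="replace").read()`. On a non-English Windows the field labels are localized and the patterns need adjusting.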
It is important to highlight that on dual-band routers, i.e., those that let you configure WiFi networks on both 2.4 and 5 GHz, if you want to use both bands you must use the same security settings on each (i.e., at least WPA2-PSK and a sufficiently long and complex password). The same attention should also be paid to guest WiFi networks. In this regard, we recently discovered that some WiFi routers allow those who connect to a guest network to have full visibility of the devices connected to the main network (wireless and wired): this is a crucial aspect because many people set a simple password on the guest WiFi, believing that this network is completely isolated from the main one.
Other suggestions for securing the router are published in the article Router, the operations to make it secure. All this while awaiting the spread of the WPA3 standard, which has been presented as invulnerable to brute force attacks (WPA3, what it is and how it works: more security for WiFi networks) and exceptional for the automatic protection, thanks to individual encryption, of browsing sessions on public WiFi networks.
Unfortunately, a group of researchers has recently exposed some vulnerabilities in WPA3 that would still allow the password of a WiFi network to be recovered (see WPA3: the beginning is not the best. Some vulnerabilities were discovered). The WiFi Alliance has pointed out that the problems revealed exist but can be overcome by applying software updates to individual devices (read: routers). The various hardware manufacturers have already taken action in this sense.