Hi all,
I think most of us here on Murga have it in our heads (and actual practice) to be proactive with regards to passwords (long 12-24 length passwords with random characters, numbers and special characters) for everything we do in this digital age, but I was wondering what some of you do specifically regarding frequency of changing your router's wifi password?
Every month?
Every 3 months??
Every 6 months???
Once a year?
Set it once and then forget about it?
Never even set one, love living dangeorusly?
???????
I know this question depends a lot on your situation (i.e. live in city, or out in the suburbs/farm country, near others, not near anyone), but I was just curious. Why?
Our resident prolific security-minded article-linking poster (labbe5), has linked more than a few articles over the past few years where the interviewed person(s) in those articles are talking/recommending to change your router's wifi password once every few months or so.
What say you all??
Router's Wifi Password Frequency of Change
Same frequency with which I change the router passwords for other routers along connections - in other words never. Use intrusion detection instead, but where if out and about I'd just move on if a intrusion were detected, with your home router you'd have to instead manage that yourself - reset/change passwords).
You can use software to detect that named dns's are actually being used, in our case however we can't even change the routers dns's, they're fixed at the ISP's. Pre-defined ssh keys ensures no man-in-middle attack, and a ssh server can instead be used to carry all traffic (along with using different dns's). If whilst out and about key based ssh connection reports 'servers keys have changed' then that's a red-flag (move on). Similarly at home it would be suggesting to investigate the router having been compromised.
If your local systems are all set up to protect against each other, i.e. as though the local lan was wan (open) - untrusted, and your ssh private keys are kept safe, then that's good enough for our domestic purposes. I store my ssh keys in a ccrypt (strong encryption) and only open that up for the duration of making connections (once connected, the private key is no longer needed).
Similarly our default assumption is that system/OS is compromised, not safe (unlike the more common assumption). By rebooting to a known clean/safe OS from otherwise disconnected media (boot from usb, unplug usb once booted) then at least following initial bootup you can be reasonably confident that's clean. So for the likes of banking - cold boot, direct to banks web site and nowhere else before or after, cold shutdown afterwards. For the rest just accept the potential session compromised risk - as the only other choice is to not use the internet at all.
We do have mac/device filtering activated in the router, so each new device requires that mac/device being added to the table before the router will accept connections, so any cracker has to both spoof a current mac as well as know the password/key. Where the router admin is also set to only be permissible from a single hard wired device (desktop pc with ethernet connection).
It's really all just a case of for domestic use if your doors/windows are closed, but a neighbour leaves their doors or windows open then they're more likely to be the ones that are targeted. In our local vicinity there are around 20 total connects from our location and within that set there are a few that are very weakly protected. If we were more rural I'd perhaps set up a second router with weak protections solely for the purpose of attack detection, but as we are I feel no need for that.
You can use software to detect that named dns's are actually being used, in our case however we can't even change the routers dns's, they're fixed at the ISP's. Pre-defined ssh keys ensures no man-in-middle attack, and a ssh server can instead be used to carry all traffic (along with using different dns's). If whilst out and about key based ssh connection reports 'servers keys have changed' then that's a red-flag (move on). Similarly at home it would be suggesting to investigate the router having been compromised.
If your local systems are all set up to protect against each other, i.e. as though the local lan was wan (open) - untrusted, and your ssh private keys are kept safe, then that's good enough for our domestic purposes. I store my ssh keys in a ccrypt (strong encryption) and only open that up for the duration of making connections (once connected, the private key is no longer needed).
Similarly our default assumption is that system/OS is compromised, not safe (unlike the more common assumption). By rebooting to a known clean/safe OS from otherwise disconnected media (boot from usb, unplug usb once booted) then at least following initial bootup you can be reasonably confident that's clean. So for the likes of banking - cold boot, direct to banks web site and nowhere else before or after, cold shutdown afterwards. For the rest just accept the potential session compromised risk - as the only other choice is to not use the internet at all.
We do have mac/device filtering activated in the router, so each new device requires that mac/device being added to the table before the router will accept connections, so any cracker has to both spoof a current mac as well as know the password/key. Where the router admin is also set to only be permissible from a single hard wired device (desktop pc with ethernet connection).
It's really all just a case of for domestic use if your doors/windows are closed, but a neighbour leaves their doors or windows open then they're more likely to be the ones that are targeted. In our local vicinity there are around 20 total connects from our location and within that set there are a few that are very weakly protected. If we were more rural I'd perhaps set up a second router with weak protections solely for the purpose of attack detection, but as we are I feel no need for that.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]
So that is what that black delivery looking van/truck is doing sitting outside my home.
Trying to crack my WIFI router password
Trying to crack my WIFI router password
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)