Table of Contents
Fetching ...

False Sense of Security on Protected Wi-Fi Networks

Yong Zhi Lim, Hazmei Bin Abdul Rahman, Biplab Sikdar

TL;DR

This paper investigates the false sense of security in Wi‑Fi networks protected by WPA2‑PSK due to weak passphrases. It employs an empirical approach, collecting and analyzing 3,352 PMKID hashes from real Singaporean deployments to quantify weak patterns, including 8‑character numeric passwords and default credentials, and compares these against WPA3 transition scenarios. Key findings show roughly 16% of passphrases are weak, with substantial use of phone‑based digits, dictionary terms, and vendor defaults that enable rapid offline cracking via PMKID or dictionary attacks, even in WPA3‑Personal Transition Mode. The work highlights practical risk and advocates stronger passphrase policies, vendor default mitigation, and broader adoption of SAE/ WPA3 to close the security gap and improve real‑world resilience.

Abstract

The Wi-Fi technology (IEEE 802.11) was introduced in 1997. With the increasing use and deployment of such networks, their security has also attracted considerable attention. Current Wi-Fi networks use WPA2 (Wi-Fi Protected Access 2) for security (authentication and encryption) between access points and clients. According to the IEEE 802.11i-2004 standard, wireless networks secured with WPA2-PSK (Pre-Shared Key) are required to be protected with a passphrase between 8 to 63 ASCII characters. However, a poorly chosen passphrase significantly reduces the effectiveness of both WPA2 and WPA3-Personal Transition Mode. The objective of this paper is to empirically evaluate password choices in the wild and evaluate weakness in current common practices. We collected a total of 3,352 password hashes from Wi-Fi access points and determine the passphrases that were protecting them. We then analyze these passwords to investigate the impact of user's behavior and preference for convenience on passphrase strength in secured private Wi-Fi networks in Singapore. We characterized the predictability of passphrases that use the minimum required length of 8 numeric or alphanumeric characters, and/or symbols stipulated in wireless security standards, and the usage of default passwords, and found that 16 percent of the passwords show such behavior. Our results also indicate the prevalence of the use of default passwords by hardware manufacturers. We correlate our results with our findings and recommend methods that will improve the overall security and future of our Wi-Fi networks.

False Sense of Security on Protected Wi-Fi Networks

TL;DR

This paper investigates the false sense of security in Wi‑Fi networks protected by WPA2‑PSK due to weak passphrases. It employs an empirical approach, collecting and analyzing 3,352 PMKID hashes from real Singaporean deployments to quantify weak patterns, including 8‑character numeric passwords and default credentials, and compares these against WPA3 transition scenarios. Key findings show roughly 16% of passphrases are weak, with substantial use of phone‑based digits, dictionary terms, and vendor defaults that enable rapid offline cracking via PMKID or dictionary attacks, even in WPA3‑Personal Transition Mode. The work highlights practical risk and advocates stronger passphrase policies, vendor default mitigation, and broader adoption of SAE/ WPA3 to close the security gap and improve real‑world resilience.

Abstract

The Wi-Fi technology (IEEE 802.11) was introduced in 1997. With the increasing use and deployment of such networks, their security has also attracted considerable attention. Current Wi-Fi networks use WPA2 (Wi-Fi Protected Access 2) for security (authentication and encryption) between access points and clients. According to the IEEE 802.11i-2004 standard, wireless networks secured with WPA2-PSK (Pre-Shared Key) are required to be protected with a passphrase between 8 to 63 ASCII characters. However, a poorly chosen passphrase significantly reduces the effectiveness of both WPA2 and WPA3-Personal Transition Mode. The objective of this paper is to empirically evaluate password choices in the wild and evaluate weakness in current common practices. We collected a total of 3,352 password hashes from Wi-Fi access points and determine the passphrases that were protecting them. We then analyze these passwords to investigate the impact of user's behavior and preference for convenience on passphrase strength in secured private Wi-Fi networks in Singapore. We characterized the predictability of passphrases that use the minimum required length of 8 numeric or alphanumeric characters, and/or symbols stipulated in wireless security standards, and the usage of default passwords, and found that 16 percent of the passwords show such behavior. Our results also indicate the prevalence of the use of default passwords by hardware manufacturers. We correlate our results with our findings and recommend methods that will improve the overall security and future of our Wi-Fi networks.
Paper Structure (22 sections, 4 equations, 6 figures, 7 tables, 1 algorithm)

This paper contains 22 sections, 4 equations, 6 figures, 7 tables, 1 algorithm.

Figures (6)

  • Figure 1: A diagram of the four-way handshake
  • Figure 2: Known characters vs entropy for an 8 character password
  • Figure 3: A typical QWERTY keyboard layout represented into a 3D matrix
  • Figure 4: An example of a simple passphrase entered sequentially into the matrix separated into 2 halves of the keyboard
  • Figure 5: Passphrase Heatmap
  • ...and 1 more figures