WPA2 along with a strong passphrase is secure as long as the WiFi Protected Setup (WPS) is disabled. It is most recommended when it comes to securing your WiFi network. WiFi Protected Setup or WPS is a nice idea but using it is a mistake.
Your WiFi extender provides support for WPS and it is likely enabled by default. Similar to UPnP, it is an insecure feature that makes your WiFi network more vulnerable to attack.
What is WPS or WiFi Protected Setup?
Most home users should be making use of WPA2-Personal, also called WPA2-PSK. Here, PSK stands for ‘Pre-Shared Key’. You set up a WiFi passphrase after the new extender setup and then use the same passphrase to connect your device to the wireless network.
This essentially gives you a password that safeguards your WiFi network from unauthorized users. The extender derives an encryption key from your password which it uses to encrypt your WiFi network traffic to make sure people without the key can’t connect to it.
This can be a bit inconvenient as you need to type your password on each new device you connect. That’s why, WPS was created to get rid of this issue. When you connect to a wireless extender with WPS enabled, you will get a message stating that you can use an easier way to connect instead of entering your WiFi password.
Why WPS is Insecure
There are various methods to do WiFi Protected Setup:
The extender has an eight-digit PIN that you have to enter on your devices to connect. Instead of checking the entire eight-digit PIN at once, the extender checks the first four digits separately from the last four digits. You can set up a PIN for your network through mywifiext web address.
According to security experts, PINs are very easy to guess. There are only 11000 possible four-digit codes that can be easily cracked.
Rather than entering a PIN or password, you can just push a button on your extender to get connected. This method is more secure as the devices can only connect for a few minutes after pressing the button. As compared to the WPS PIN method, it won’t be active and available to exploit all the time.
Push-Button-Connect appears to be largely secure, with the only vulnerability being that anyone with physical access to the extender could push the WPS button and connect, even if they didn’t know the WiFi password.
PIN is Mandatory
Despite the fact that the push-button-connect is arguably secure, the PIN authentication method is mandatory that all certified WPS devices must provide support for.
How to Disable WPS?
On the off chance, if your WiFi extender enables you to disable WPS, you will likely find this option under the WiFi Protected Setup section in the mywifiext local web user interface.
It is recommended to disable at least the PIN-based authentication option. On many WiFi range extenders, you will only be able to select whether to turn on or turn off WPS. Choose to turn off WPS if that’s the only option.
With disabled WPS, your WiFi network would be more secure. All WPS does is to connect to WiFi in a more hassle-free manner. In case you create a password you can easily remember, you can connect just as fast. And this is a one-time problem. Once you get connected to WiFi, there is no need to enter the password again. WiFi Protected Setup or WPS is awfully risky over such a small benefit.