I just helped my roommate setup his wifi extender that only required him pressing the WPS button on the router and the extender followed by directly connecting the extender directly into his computer and it worked without a password. Is this normal? how can this be allowed? you can even move the extender anywhere you want and unplug it and it will still connect without password. This seems like a huge security issue to me
4
-
It likely functions just as an amplifier for that network, passing traffic back to the host router for all processing. I doubt that it truly can be moved anywhere, and would guess that it needs to be able to connect to the host network in order to actually function. Or, you know, you could look up the technical specs for the device and learn how it works.– music2myearJul 6, 2020 at 20:11
-
i have already moved it from the living room to the upstairs bedroom and it did connect. This is worrisome as neighbors in the area can also easily access the router and sit in their homes connected to my wifi without the password– ChemEngJul 6, 2020 at 20:14
-
Only if they've already connected to it via WPS. WPS doesn't replace the password, it trades off a little bit of security for convenience by allowing connections to the router for the specific window when the WPS process is initiated. I think you may be seeing a problem where there is not one. If you're worried you could disable WPS on the host router.– music2myearJul 6, 2020 at 20:16
-
yea it was the wps button. Ill look into alternate methods of connecting the extender– ChemEngJul 6, 2020 at 20:29
Add a comment
|
1 Answer
Yes, WPS poses a security risk. The way you linked is called the 'Push button method' and it is a risk primarily if physical access to the router is not secured. It's a quick way to link the devices instead of typing the password. Once they are linked it 'remembers' the pairing so if you unplug or move it around it reconnects just as if you had entered the wireless password and saved it.
This protocol was initially establish by Cisco to make it easier for inexperienced users to quickly setup devices - mostly this was designed for home network users who are in control of physical access to their devices. It can often be disabled in the router if you don't want it.
There's another method of WPS called the PIN method that is very insecure and is different than using the push buttons. It is recommended to disable that method in the router if it is present.
The most secure method is not to use WPS and rely on WPA2 with a strong password.
-
This is a nice comment but it doesn't explain how OPs extender functions. Jul 6, 2020 at 21:32