|
Recovering and Securing your Wi-Fi Encryption Key
By Eric Geier (NoWiresSecurity Founder
& CEO) - originally published on
InformIT
Trying to connect to the Wi-Fi
network, but you've forgotten your network key or password? Don't
worry, you can get around this problem in several ways:
-
Look for a WPS button or PIN that
can automatically configure the security settings for you.
-
Recover the key from another
computer that can still connect to the wireless.
-
Reset your wireless router to the
original factory settings.
I'll discuss all of these methods in
this article. Let's get started!
Use the WPS Button or PIN
If your wireless router supports Wi-Fi
Protected Setup (WPS), you might not have to find your encryption
key in order to connect. The process is similar to programming a
garage door's remote control. Start by looking on the router itself
for a WPS or security button, or a WPS personal identification
number (PIN) printed on a label. (If your router doesn't have this
button or PIN, skip to the next technique.)
CAUTION: Don't confuse the WPS or security button with the small
reset button, usually located next to the ports on the back of the
router.
For this method to work, the computer or device that you want to
access must also support WPS. Windows 7 supports WPS. If you're
using another Windows version or another type of device, browse its
wireless settings to see whether WPS is supported. If you've
installed the vendor's branded wireless connection manager in
Windows, it might support WPS.
If both the router and your device support WPS, you're ready to give
this method a try. If the router has a button, press it, and then
try to connect to the wireless network. If your router has a PIN
instead of a button, try connecting to the network; you should be
prompted to enter the PIN. In either case, the router should
transfer the network key and configure the device for you.
Recover Your Key with WirelessKeyView
If you have at least one Windows PC
that can connect to the Wi-Fi, you can retrieve the stored key. You
can't simply open your wireless network profile to view the key,
since Windows encrypts these keys. However, you can use a
third-party tool such as WirelessKeyView to recover and decrypt the
key for you.
To get started using WirelessKeyView, visit the site and download
the WirelessKeyView program. Extract the files or run the
WirelessKeyView.exe program directly from the compressed folder. It
should quickly scan for and display all the network keys saved to
Windows. Copy the hex-formatted key and try to connect.
When All Else Fails, Restore the Default Settings
If your gear doesn't support WPS and
you can't get even one computer online, you might have to resort to
starting over. You can restore your router to its original settings,
just as it was when you took it out of the box. However, you'll have
to reconfigure all of your custom settings, such as the network name
and security key.
Before trying this method, get out your installation guide and any
installation CDs that came with the equipment. If you can't find
them, you can probably download the installation details from the
support section of the equipment vendor's website.
When you're ready, find the small reset button on the back of the
router. Some reset buttons require you to insert a safety pin;
others you can press with any old pen tip. Press and hold in this
button for up to 20 seconds. After releasing the button, wait a
minute or two for the router to reset itself and reboot. Then you
should be able to connect with no problem to the default network
name, which is usually the vendor's name. Be sure to reconfigure
security (preferably WPA2) on the router and then on your computers.
Businesses: Replace Your Keys with Usernames and Passwords
If you're dealing with a network used
by a business or organization, you actually shouldn't be using
encryption keys or passphrases. Instead, you should be using the
Enterprise mode of WPA or WPA2 encryption. In this mode, you connect
to the wireless network by using usernames and passwords.
Since the actual network keys are securely managed in the
background, this mode protects you from rogue employees and thieves.
For example, if you're using the simple Personal or pre-shared key (PSK)
mode of WPA or WPA2, the actual encryption key is stored on the
computers and end-user devices. If the laptop or device is stolen or
lost, the thief or finder of the equipment would have access to your
network key. By contrast, if you're using Enterprise mode, you just
have to cancel a user's account or change the password to prevent
that former employee from accessing your network. That approach is
much easier than changing the encryption key on all your computers!
One problem you might run into when using Enterprise mode is that it
requires an external server, called a RADIUS AAA server, for
performing the 802.1X authentication. Setting up your own server can
take a lot of time and money, so you may want to consider a hosted
service such as AuthenticateMyWiFi.
Save Your Key!
Now that you finally have your
encryption key or passphrase, remember it! If you're working with a
home network, consider saving your key or passphrase in a text file
or word-processing document and placing it in your personal files.
You might even place it in the Documents folder on every computer.
Another great idea is to write your key or passphrase on a small
piece of paper and tape it to the bottom of your router. That way,
you always know where it is. |
