Introduction to WPS for Wi-Fi Networks


WPS stands for Wi-Fi Protected Setup, a standard feature available on many home broadband routers starting in 2007. WPS simplifies the process of setting up protected connections for the various Wi-Fi devices that connect to home routers, but certain security risks of WPS technology require caution.

Using WPS on a Home Network

WPS automatically configures Wi-Fi clients with the local network name (the router's SSID) and security settings (typically WPA2) so that the client can make a protected connection.

WPS eliminates some of the manual and error-prone steps of configuring shared wireless security keys across a home network.

WPS works only when both the home router and Wi-Fi client devices support it. Although an industry organization called the Wi-Fi Alliance has worked to standardize the technology, different brands of routers and clients tend to implement the details of WPS differently. Using WPS generally involves choosing between three different modes of operation - PIN mode, Push Button Connect mode, and (more recently) Near Field Communication (NFC) mode.

PIN Mode WPS

WPS-capable routers enable Wi-Fi clients to join the local network via the use of 8-digit PINs (personal identification numbers). Either the PINs of individual clients must each be associated with the router, or the router's PIN must be associated with each client.

Some WPS clients possess their own PIN as assigned by the manufacturer.

Network administrators obtain this PIN - either from the client's documentation, a sticker attached to the unit, or a menu option on the device's software - and enter it into the WPS configuration screens on the router's console.

WPS routers also possess a PIN viewable from inside the console. Some WPS clients prompt the administrator to enter this PIN during their Wi-Fi setup.

Push Button Connect Mode WPS

Some WPS-enabled routers feature a special physical button that, when pressed, temporarily places the router into a specially secured mode where it will accept a connection request from a new WPS client. Alternatively, the router may incorporate a virtual button inside its configuration screens that serves the same purpose. (Some routers support both the physical and virtual buttons as an added convenience to administrators.)

To set up one Wi-Fi client, the router's WPS button should be pressed first, followed by a corresponding button (often virtual) on the client. The procedure can fail if too much time elapses between these two events - device manufacturers normally enforce a time limit of between one and five minutes.

NFC Mode WPS

Starting in April 2014, the Wi-Fi Alliance expanded its focus on WPS to include NFC as a third supported mode. NFC mode WPS enables clients to join Wi-Fi networks by simply tapping two capable devices together, especially useful for smartphones and small Internet of Things (IoT) gadgets. This form of WPS remains in an early stage of adoption, however; few Wi-Fi devices today support it.

Issues with WPS

Because a WPS PIN is only eight digits long, a hacker can determine the number relatively easily by running a script that automatically tries all combinations of digits until the correct sequence is found.

Some security experts recommend against using WPS for this reason.

Some WPS-enabled routers may not allow the feature to be disabled, leaving them prone to the above-mentioned PIN attacks. Ideally a home network administrator should keep WPS disabled except for those times when they need to set up a new device.
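An added example, not part of the original article: after switching WPS off in the router's console, an administrator can confirm the change by checking what the router still advertises in its beacon or probe response frames. The Python code below parses the information elements from such a frame and reports whether a WPS element is present and which of the modes described above it offers; the sample bytes are constructed and the function names are this example's own.

```python
import struct

# Values from the Wi-Fi Alliance WPS format: vendor element 0xDD, OUI 00:50:F2, type 4
WPS_OUI_TYPE = bytes.fromhex("0050f204")
ATTR_CONFIG_METHODS, ATTR_AP_LOCKED = 0x1008, 0x1057
MODE_BITS = {
    "PIN": 0x0004 | 0x0008 | 0x0100,   # Label, Display, Keypad
    "Push Button": 0x0080,             # PushButton
    "NFC": 0x0010 | 0x0020 | 0x0040,   # external token, integrated token, interface
}

def parse_tlvs(data: bytes) -> dict:
    """Split WPS attributes: 2-byte type, 2-byte length (big-endian), value."""
    attrs, pos = {}, 0
    while pos + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4 : pos + 4 + alen]
        if len(value) < alen:
            raise ValueError("truncated WPS attribute")
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def find_wps_attrs(ies: bytes):
    """Walk 802.11 information elements; return WPS attributes, or None if absent."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, elen = ies[pos], ies[pos + 1]
        body = ies[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated information element")
        if eid == 0xDD and body[:4] == WPS_OUI_TYPE:
            return parse_tlvs(body[4:])
        pos += 2 + elen
    return None

def audit(ies: bytes) -> dict:
    attrs = find_wps_attrs(ies)
    if attrs is None:
        return {"wps_advertised": False, "modes": [], "ap_setup_locked": False}
    methods = int.from_bytes(attrs.get(ATTR_CONFIG_METHODS, b"\x00\x00"), "big")
    return {
        "wps_advertised": True,
        "modes": [m for m, bits in MODE_BITS.items() if methods & bits],
        # 0x01 here means the router is currently refusing setup with its own PIN
        "ap_setup_locked": attrs.get(ATTR_AP_LOCKED, b"\x00") == b"\x01",
    }

# Constructed sample: SSID element "HomeNet", then a WPS element (Label + PushButton)
SAMPLE = bytes.fromhex("0007486f6d654e6574" "dd140050f204104a0001101044000102100800020084")
```

A router with WPS truly disabled should produce `wps_advertised: False`; if the element is still present after the setting is turned off, the router may be one of those that cannot fully disable the feature.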

Some Wi-Fi clients do not support any WPS mode. These clients must be configured manually using traditional, non-WPS methods.