Mastering the Use of Wi-Fi Network Security Keys

They might look intimidating, but they're not difficult to work with

Chaos Computer Club 29C3 (2012)

Patrick Lux / Getty Images

One essential aspect of setting up a Wi-Fi connection is enabling security with the correct settings. If these settings are misconfigured, Wi-Fi devices can fail to connect to the local network. When settings are left at the defaults or not configured at all, a network won't be protected against unwanted connections.

Of the steps involved in configuring security on a Wi-Fi network, the management of wireless keys is the most important. A wireless key is a digital password that users of devices on a network must enter to connect to the network and with each other. All devices on a local Wi-Fi network share a common key.

Wireless keys are a combination of letters and digits in sequences called strings.

Wi-Fi Keys: Types and Options

Setting up security on a Wi-Fi network router, wireless hotspot, or client device involves choosing from a list of security options, then entering a key string that the device stores. Wi-Fi security keys exist in two basic forms:

Hex keys (strings like 0FA76401DB) are the standard format for Wi-Fi devices. ASCII keys are also called passphrases because people often choose easy-to-remember words and phrases for their keys — for example, ilovewifi and hispeed1234.

Wi-Fi devices convert both ASCII and hex keys into binary numbers that become the actual key value used by the Wi-Fi hardware to encrypt data sent over the wireless link.

Some Wi-Fi devices support only hex keys and disallow entering passphrase characters or report an error when you're trying to save a passphrase.

The most common security options for home networking include:

  • 64-bit and 128-bit WEP (wired equivalent privacy), neither of which is recommended because of its inferior level of protection.
  • WPA (Wi-Fi protected access) and WPA2.

Wi-Fi key restrictions depend on the options chosen as follows:

  • 64-bit WEP: Passphrases must be exactly five ASCII characters; keys must be exactly 10 hexadecimal digits.
  • 128-bit WEP: Passphrases must be exactly 13 ASCII characters; keys must be exactly 26 hexadecimal digits.
  • WPA and WPA2: Passphrases must be between eight and 63 ASCII characters; keys must be 64 hex digits.

Additional rules apply to all of the above options when making Wi-Fi keys:

  • Choose keys longer than the minimum, if possible. Longer keys are more secure, although they are also much more difficult to remember.
  • Ensure that shared keys match exactly. All forms of Wi-Fi keys are case-sensitive.

Synchronize Keys Across Local Devices

To ensure all devices on a home or local network are configured correctly with the same Wi-Fi key, first set a key for the router (or another access point), then systematically update each client one by one to use the matching string.

Exact steps for applying a Wi-Fi key to a router or other device vary slightly depending on the specific hardware involved, but as a general rule:

  • Enter keys into the router administration page for wireless settings.
  • Enter keys into a client device through its Settings app or operating system control panel.

Find Keys for Routers and Hotspots

Because the sequence of numbers and letters in a Wi-Fi key can be long, mistyping and forgetting them is common. To find the key string currently in use for a wireless home network, log in to the local router as an administrator and look up the value from the appropriate console page.

A device can't authenticate with the router unless it has the correct key, so you may have to connect your device to the router using an Ethernet cable.

Screenshot of a router main screen showing network security key

Some home routers come with Wi-Fi security options turned on and default keys pre-installed. Such a router typically has a sticker on the bottom showing the key string. Although these keys are private and generally safe to use within a home, the stickers enable anyone inside a home to see its network settings and connect additional client devices to the network without your knowledge. To avoid this risk, override the key on such a router with a different string when you first install it.