News

Wireless security: is it really worth upgrading from WEP to WPA?

Earlier this week, the Editor of NewsWireless appeared on television in the UK, warning home wireless users that their security systems may be obsolete. Specifically, it was suggested that Wired Equivalency Privacy (WEP) was no long fit for purpose and that WPA was the way to go. A number of readers have responded: here is a typical example...

I refer to the Manhunt programme on ITV1 on Tuesday 29 May when Guy Kewney discussed broadband Wi-Fi security; the outcome was that "wpa" was the level to use and not wep etc.

I have a Dell XPS laptop with Windows XP operating system and a mini PCI card with Intel PRO/Wireless 2200BG Network Connection; also my other system is BT Total Broadband using the BT Home Hub.

I was interested in the higher security you talked about in the TV programme and therefore rang Bt technical today (30 May) to get them to reconfigure from "wep" to "wpa" security, after 90 minutes on the phone BT concluded that my wireless card was not compatible with "wpa" security and therefore my system was then reconfigured back to "wep" security. I was asked several times by BT why I wanted "wpa" security? I said that I understood that this was a higher level of security; BT was of the opinion that their "wep" security was very good.

Any comments you may have on the above would be appreciated.

[name supplied]

Guy Kewney writes:

We ran a piece on NewsWireless just a few days ago showing how to crack WEP with ordinary downloadable software in minutes.

I can't claim I've ever tried to duplicate this; but I have every reason to believe that WEP is a trivial protection against anybody who wants to get access to your network; and that by contrast WPA with a good password will baffle even an expert hacker for longer than they will be prepared to persist.

Of course I can't tell you what your risk is. It's obviously the case that we protect our houses with flimsy glass barriers and rely on that to say: "Please don't break in!" - and most of the time, that works. If you have no reason to suspect anybody is trying to access your computer, perhaps WEP is adequate. But if you are concerned, then you really have to say: "What am I saving by staying with the old-fashioned tool?"

In that case, a new wireless card that will work with WPA will be very cheap from any online store and I can't think of a good reason to save the money!

You will find either a USB plug-in device like the ReSMA dongle shown left for around 20 pounds sterling, or a PC Card device like the Linksys WiFi / Wireless Network 802.11g PCMCIA Laptop Card 54Mbps , or the Belkin 125g on the right, all available (for example) through Amazon, would almost certainly both work happily with WPA, as would similar devices from well known suppliers like D-Link or Netgear or Buffalo.

You would need to disable the device inside your Dell laptop before you installed either of these, by the way.

Final point: you can protect your WPA device with a far more easily memorable "pass phrase" than the random sequence of HEX digits you need for WEP - and provided your passphrase is not in a dictionary, this on its own may be worth the switch to WPA.

Best passwords are a word, a number, and a word. And if you can remember how to spell the word backwards, so much the better. SELSAEM instead of MEASLES for example! So an example of a really great password would be SELSAEM5678MUMPS - (which I recommend you don't use now I've published it...)

Final disclaimer: if you click to purchase the cards shown here, NewsWireless does receive a commission.