When was the last time someone came to your home? When was the last time they asked for your password? Have you ever said no, just to be frowned upon? Let’s discuss it.
The Pattern
People tend to ask for WiFi passwords when they enter a space they will stay for a while. And the same people expect the host to provide it, no questions asked. It is almost cultural, and people don’t expect deviations from the “usual behavior.”
Cultural Problems
I was shocked when I tried to do something different than the norm. I didn’t want people to log in to my network. They were not technically savvy to cause damage any damage, but a proper security culture should have no exceptions, at least not for convenience reasons.
So I made a mistake and said, wait to enable the guest network. If I were a criminal, I would receive less hate and bullying (remember, that was an asset I chose to share).
As zero-trust principles don’t usually apply at homes (well, most homes 🙂 ), I am here to discuss why you should be wary of such practices.
Technical Problems
There are a few issues that can arise when you give the WiFi password to everyone.
N.B: The same security problems apply to hotels and cafes. Always use a VPN when using their networks.
The Password Owner Is Your Peer
Now that someone else has your password, they have (by default) the same rights as you on the network. Do you remember this NAS drive that was without a password because “I hide it behind NAT, so it is secure?“
Well, I hope you don’t have sensitive data in there. Even from a smartphone, it is easy to do network discovery while you are in. I have been using fing for various monitoring purposes, but someone can use it for malicious purposes too.
Not to mention the potential to sniff the local network traffic and know your network activity.
Legal
If someone you share your WiFi password with uses your internet connection to engage in illegal activities, you could be held liable for their actions. It is tough to trace a device you didn’t know it was connected to and did illegal things under your name.
Bandwidth Oriented Things
The bandwidth case can touch things around network stability. If you have been on an important call, but your roommate was streaming and playing games, you know what I mean. Flicks in network quality can become very annoying when there are important things to tackle
Information Disclosure
Is your password unique? Is it used in any other place? Does it infer something about you, like your mobile number or your date of birth? Do you know what a malicious can do with such information? Do I need to continue? 🙂
The point is to be vigilant and aware of your security. In the same way, you wouldn’t give your keys to a third person, don’t hand your network keys as well.
Stay secure, stay vigilant.