How to reset Wifi password

[kib]

I have no idea what the "WPA / WPA2" setting is meant to mean. You cannot switch encryption automatically (when you think about it that would serve no security benefit at all) and WPA has a totally different encryption from WPA2.

Edit: i just looked it up in the FritzBox manual (i used FRITZBoxFonWLAN7170v2_nl.pdf but i am sure it's similar in others) and discovered something weird. Factory default setting for these devices is a combined WPA(TKIP)/WPA2(AES) setting called "WPA+WPA2" which is setup so most people will be able to connect. This is a self-made setting, which does not follow the RFC guidelines and therefore will not work with all devices. (Especially not ones that follow the guidelines). It is basically a wifi setting that accepts both type of encryptions with the same password at the same time, from security perspective this is nonsense as the weakest link (eg. WPA encryption) will always be the true protection from anyone trying to get in. Th only added benefit would be 'security through obscurity' where people are unable to crack your network because its encryption is undocumented and unregular.

In other words, this is a weird Fritz!box issue. (possibly speedport as well)

People - if you have issues with WPA - check your wifi settings to be WPA-Personal or WPA2-personal, not some other (non existing or enterprise) version of WPA!

[kib]

the creator of the fritzbox Wrote:I got this brand new security system on my house. It has a retina-scanner and a fingerprint scanner and a normal key lock so it's super secure! If you pass any of the checks you can enter the house...

:mrgreen:

[a3berk]

Hello,

Followed the suggestion and set the FRitzbox tot WEP and then back to WPA-PSK/WPA2-PSK. Does not work.
Same procedure and setting back to WPA2-PSK only works correctly.

thanks for the help.

[kib]

yeah, the WPA/WPA2 setting in the fritzbox turns out to be a non-compliant setting that Fritz!Box have conjured out of thin air.

In other words: it is not an official encryption standard, but something they created themselves.
Do not use it, it is not safer then just using WPA-Personal

[kwadruppel]

for completeness sake, my FRITZ!Box 7170 doesn't explicitly show WPA2-Personal: [attachment=0]
TKIP(WPA) also worked (google seems to prefer CCMP slightly over TKIP?). Both required the SSID to be visible before i was able to select the network on my 1.2.2 20100121 Neo GUI (it was visible with 'empty' network name, but not selectable).

[kib]

kwadruppel Wrote:TKIP(WPA) also worked (google seems to prefer CCMP slightly over TKIP?). Both required the SSID to be visible before i was able to select the network on my 1.2.2 20100121 Neo GUI (it was visible with 'empty' network name, but not selectable).

First item in the list is WPA-Personal. (First encryption, then the name of the standard)
Second item is WPA2-Personal. (First the name of the standard, then encryption)

Facts
WPA-Personal uses encryption called "trusted key integrity pair" (TKIP). You login with a pre-shared key (PSK).
WPA2-Personal uses an encryption called CCMP. You login with a pre-shared key (PSK).
WPA2 is more secure then WPA, which has some implementation mistakes which make it vulnerable.

Your password could easily be cracked by using rainbowtables, if you do not change the SSID and use a long random password. Always change your SSID to something you made up. Always use a long password. The usage of special characters is encouraged.

Security concerns
Making your SSID invisible or using MAC-address filtering are examples of 'security through obscurity', also known as 'not security at all'. These so-called security options might deter your neighbour, they will not deter someone trying to break into your network for longer than 2 minutes. Every special character you add to your password will make cracking it take exponentially longer.

Miscellaneous
Non-visible SSIDs should not be viewable by browsers (although they can still be detected). This is a bug in the Boox firmware which is showing these networks where it should not (by RFC standard).