You’re right! On second thought, it is overkill! Removing and reinstalling the SIM card is not necessary in most situations. However, a high entropy PSK is necessary in all situations to secure the device from unauthorized users. 

You think… but your actions miss opportunities to tell people to strengthen wireless security. Your thoughts they may be but those thoughts are not representative of your actions which dance around changing the SSID and PSK. Anyone complaining about excessive data usage needs to be told to lose the default red flag that attracts hackers and strengthen the default PSK and no one in these forums is doing that.

An i7 3630 and video card can try all 4.294 billion 8 character lowercase hexadecimal passwords, in minutes. It sounds to me like you have no idea what brute force may be doing to those complaining about data usage.

Find a back door… What back door?  You cannot expose a WPA or WPA2 pre-shared key! This is a primary requirement of the original WPA specification. A WPA or WPA2 PSK that is not 64 characters is combined with the SSID to produce the 256 bit hash used to encrypt/decrypt the data. The 256 bit hash could careless about the PSK’s length. The idea that WPA2 works different with a 63 character key, is wrong.

You haven’t posted this URL to someone that could benefit from it, because…? Not in the times I’ve seen where you could have or should have, but failed too. Never the less, the information contained is dated. A minimum of 12 to 16 characters has been recommended for “passwords” for sometime. However, Wi-Fi does not use a password, Wi-Fi uses a pre-shared key and experience with such is preferable to Microsoft’s basic password advice.

The device doesn’t need to be on 24/7, in only needs to be on long enough to capture a couple hundred packets. Any i7 and video card can then determine the default Wi-Fi Password in minutes. So, in effect, it can be broken into when it is off! But since the whole process can be done in less than 30 minutes, off just means waiting longer to verify the found PSK works.

We have gone over 3 GB in just a few days on the Mifi only, not including phones!!  No music, no movies, etc.  My bill is overdue so it wont let me change the plan and up the data!!  That'll be another $45.  Great........

My apologies if you assumed I was some kind of a cryptology or security specialist.  Let me say right now that I am not.  Nor do I have experience at hacking WiFi passwords except to patch up known issues when I hear about them.  Security is simply not my area of expertise.

In my experience with these VZW devices a high entropy password is not necessary and provides more of a burden than a benefit to the end user.  I agree that a basic level of security should be applied when operating these devices.  Anything beyond that is helpful but ultimately not going to be useful.  Regardless of any vulnerabilities I hope you understand that crying hacker should not be used as a cop out instead of investigating into and fixing what may be a real problem.  I see far too many data usage threads to think that a hacker is behind a significant portion of them.

If the default password criteria is such a vulnerability then please provide us all with some documentation to support it.  I'm happy to educate myself and share with others if you are.  I try not to comment on things I do not understand.

I followed up on the advice you shared regarding Googling how to secure your WiFi network.  The results here did not share with me anything new regarding a best practice to configure all WiFi passwords with high entropy.  In fact all of the top links that I found from the search failed to mention anything beyond a 12 character suggestion.  More is always better, but is not specifically stated in any of the resources I found.

A good test to keep password entropy in context would be to test a similar password on this site: https://howsecureismypassword.net/.

Here you can play around and test out a similar password (not your actual) and see how long a brute force attack would take to crack. A basic password with 12 characters, uppercase, symbol and numeric would take 4000 years to crack.  I think that is sufficient for my WiFi security concerns.  Jazz it up and remove common words and you will see your results increase accordingly.

Again, all this password security talk is referring to a brute force attack on a WiFi password.  I mentioned backdoors and other loopholes before which I feel is more of a concern.  For example WEP has a fundamental flaw in it that allows an attacker to crack it within moments.  This is due to the technology involved, not the password entropy involved.  Likewise there was also a large WPS vulnerability exposed a while back.  This allowed an attacker to brute force his way into a router without having any involvement with connected clients at all.  There is also a fairly new vulnerability out there for Linksys routers that exposes the admin credentials when Remote Access is enabled.  If an attacker gets the admin credentials then no amount of password entropy will secure you.

Yipes, CW72421! I'm alarmed by the pending overages, but also puzzled by your statement that a past due balance prevents you from changing your plan. I hope to clear something up. Unless your past due balance has caused your account to be suspended, you can change your plan to increase your allowance (assuming you don't already have a plan with the maximum offered allowance). If your service is not suspended, I recommend contacting VZW Customer Care about this concern at 800-922-0204 as soon as possible!


DionM_VZW
Follow us on Twitter www.twitter.com/vzwsupport

(removed)

I’ve been using Wi-Fi since it was invented. High entropy wireless security effectively provides a method as close to using the security of an Ethernet cable as you get, without the cable. If you think high entropy is a burden and unnecessary that is unfortunate.

In my experience with Wi-Fi, the burden you speak of is based (removed) the lack of a thorough understanding of the equipment involved and the procedures necessary to implement the required changes across the board. It’s easier to leave it alone. It’s easier to push the button. It’s easier to remember something cute and type it. Strengthening network security is always useful.

I follow the first service rule, “Listen to the complaint!” A clue to the problem is often in the complaint. Diagnostics happen when the complaint does not yield useful clues. When a useful clue is present in the complaint, follow it. With few exceptions, anyone with Wi-Fi should strengthen wireless security beyond the manufacture’s default. This unwillingness to tighten wireless security has been going on for 14 years. It didn’t just start when Verizon Mifi came along. (removed)

As soon as I saw the 8 character lower case hexadecimal password on a Verizon Mifi device, I knew instinctively it was a problem. I don’t need a document to tell me this. (removed)

Comment edited as required by the Terms of Service.

Message was edited by: Admin Moderator

Let me see if I understand this, you spent 20 minutes on Google and left with more of the same misconceptions. I got 4 million years with a 12 character password. Obviously, you’re doing something wrong.

In your hast, to make your case, you made mine! 11 minutes, that’s how long your site says it will take to hack the default password on my Verizon MiFi 5510L.

Don’t use WEP! Turn off WPS, and buy another brand router. I wouldn't worry about backdoors and loopholes and turn your attention instead to that slightly better than 12345678 default password on Verizon Mifi devices.

Lets keep this conversation classy and to the facts.  Its alright to disagree but lets leave the personal snipes out of it.

If your opinion is that everyone should have a 64 character password then that is fine.  I am still waiting to see some kind of evidence to support a claim that the benefit of managing such a password out weighs the inconvenience.  A 20 minute Google search should have turned up more evidence to support such a claim if that was necessary or a new security trend.  How come no one else is supporting such a view? Where should we be looking to educate ourselves?  Rather than calling everyone lazy and incompetent here is your chance to show us something concrete.  I already mentioned I am happy to learn and change my ways.

Lets be clear, I do support changing the default password on all MiFis.  That is a basic and simple step everyone can see the benefit of.  Where we disagree is how much more entropy is required to provide acceptable security beyond that.  How about we agree on some kind of a benchmark instead, say 5000 years according to a site of your choosing?  Is the website I linked not creditable enough?  If not then provide us with a better one.

Perhaps we should start a new thread on this subject to get to the bottom of it.  I feel we are no longer addressing the concerns of the OP and other posters at this point.

Thanks for clarifying, RichardLA!  Have you had a chance to review your bill details to see if you notice any unusual data connections or long data sessions?  I want to ensure we can pinpoint the cause of the higher than normal data usage.  Keep me posted.

AnthonyTa_VZW
Follow us on Twitter @VZWSupport