Pardon me while I rant.
This week, the world seems to have gone a little more insane. I’ve upgraded to Win10 over the weekend — after figuring out how to get my Wacom pad to work in some sort of reasonable manner (the Wacom drivers don’t really like the touchscreen drivers that don’t really like the… there’s a song about this, right?), and figuring out a few settings here and there, it seems to be a bit faster than Win8.1, and generally okay. Except one thing.
The entire idea that anyone I give a WiFi password to can share it with the entire world through WiFi Sense is insane. Yes, I know, “it’s only your friends.” But if I give my WiFi password to a friend so they can jump on my network, they will now be able to share it with their friends automatically. And the only way to control this is to put “_optout” at the end of my SSID? Suddenly your SSID is not just a name, but it’s also a bearer of policy.
This is a really bad idea.
Repeat after me: naming should never be conflated with policy. No network or other policy action should ever be based on what a publicly accessible name is. You might use the name of something to jog your memory about the security level a device needs, or a specific set of filters around that device, but don’t tie policy directly to a name.
Which leads to this conclusion: Even if you’re not using Windows 10, even if you don’t ever plan to install Windows 10, you now need to:
- Institute a regimen of changing your WiFi key on a regular basis (don’t worry, your kids will stop nagging you about the constant changes after a while)
- Make certain you have a properly working guest network which doesn’t have access to any internal devices
- Never, ever, give out your “primary” WiFi password
Again, these are all pretty standard security things to do, but Microsoft has just made them mandatory for any user, and any company, that cares about their security — even for your grandmother’s WiFi.
Or maybe we should actually thank Microsoft for forcing us to realize that we need to practice good hygiene, even on our little home routers and WiFi access points?
Okay, done with my rant — you can now return to your regularly scheduled Packet Pusher’s content.