Mar 13, 2025

WiFi Passwords Should Be Dumb

Why do people complicate WiFi passwords to the point where they either have to look them up themselves or recite them like instructions—‘Capital A, everything small,’ or ‘At the rate, 54321, dollar sign’? It’s a password that you have to share often and input frequently, so it seems foolish to make it complex.

Your WiFi is not a bank account. There’s little incentive for anyone to hack into yours (except maybe to get free internet). If you’re worried someone can use your Internet to do something nefarious, remember that there are far less risky ways to do shady stuff (VPNs, residential proxies) than using something that requires close proximity.

Even for a determined attacker, hacking the WiFi password is extremely difficult—unless, of course, you’re using a very commonly used password.

A possible attack vector is to sniff the handshake packet on WPA2 (using aircrack-ng), which gives the attacker the PBKDF2 hash. The attacker can then brute-force gazillions of passwords against this hash.

Here’s the catch though: PBKDF2 is a computationally expensive function. Its iteration count parameter tells the algorithm to hash the input that many times. For example, WPA2 fixes the iteration count to 4096. So, the underlying hashing algorithm (SHA1) would need to run 4096 times to generate one candidate hash. Even with a powerful system, that would only amount to testing a few hundred to a thousand hashes per second.
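To put numbers on the cost argument above, here is an added example (not code from the original post) that derives the WPA2 key with the fixed 4096-iteration PBKDF2, times it on the local machine, and converts a password scheme's size into worst-case search time. Using the SSID as the salt is how WPA2-PSK is defined; the function names, the sample schemes and the 7,776-word list size are assumptions made for illustration.

```python
import hashlib
import time

WPA2_ITERATIONS = 4096  # fixed by WPA2-PSK, as the post says
PMK_BYTES = 32          # 256-bit pairwise master key (PMK)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1 over the passphrase, salted with the network name."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA2_ITERATIONS, PMK_BYTES)


def measure_guess_rate(samples: int = 20) -> float:
    """Derivations per second on one CPU core of the machine running this."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate{i:04d}", "ExampleSSID")  # constructed inputs
    return samples / (time.perf_counter() - start)


def keyspace(choices: int, positions: int) -> int:
    """Passphrases possible when each position has `choices` options."""
    return choices ** positions


def days_to_exhaust(size: int, guesses_per_second: float) -> float:
    """Worst-case days to try every candidate; the average is half."""
    return size / guesses_per_second / 86_400


if __name__ == "__main__":
    measured = measure_guess_rate()
    print(f"measured here: {measured:,.0f} derivations/s on one core")
    schemes = {  # constructed examples of password schemes
        "8 digits": keyspace(10, 8),
        "2 words, 7,776-word list": keyspace(7776, 2),
        "3 words, 7,776-word list": keyspace(7776, 3),
        "10 lowercase letters": keyspace(26, 10),
    }
    for name, size in schemes.items():
        for label, rate in (("1,000/s", 1_000.0), ("measured", measured)):
            days = days_to_exhaust(size, rate)
            print(f"{name:26} at {label:9} {days:16,.1f} days")
```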

Coupled with the fact that the attacker wouldn’t know the password scheme you use, the effort/reward ratio is simply terrible here.

So, if you’re not using a super-commonly used password (e.g., 12345678), I wouldn’t worry about anyone hacking your WiFi. Besides, is the password even a secret? Most people don’t have any qualms about handing it out to anyone who asks.


WiFi passwords should be easy, dumb, and pronounceable. Something you can remember and say easily, and the other person gets it without confusion. Two easy words. A single phrase. A single long word.

And that will be enough! Security is important—but WiFi passwords don’t need the same level of security as your online accounts.

