WPS is referred to as the WI-FI Protected set up that allows you to connect to your router without a password or its Service Set Identifier (SSID) being required. Hamadi, A. (2019). WPS is intended to support WI-FI access points, wireless adapters and phones, and other electronics. It is however important to turn off your WPS sometimes since it exposes your router to pin-guessing attacks from hackers.
WPS technology was introduced in 2006 by Wi-Fi Alliance to relieve the struggle of home users and enable them to add new devices into the network easily
How does WPS work?
You first press the WPS button at the back of your router mostly located near the Ethernet ports. Take the device you want to connect the network to and press the WPS button. The device will connect automatically without requiring you to feed any information.
When using WPS you will not always have a button to press as other devices require you to enter an eight-digit code that can be found on the set up’s configuration page.
The code cannot be altered by the user because it is created automatically.
Reasons for disabling WPS settings of your Router
Let us look at the two ways in which WPS is implemented and how both ways can compromise its security.
Push Button Connect (PBC)
Push-button connect is one of how you can connect to a router by pressing buttons on it and the WI-FI client. Like any other sharing device, WPS pairing is active for a short time before it times out similar to Bluetooth pairing.
This makes it easier for any person visiting your home to access your Wi-Fi network by pressing the WPS button on your router because it does not have any remote security problems.
The riskiest part of WPS is the router PIN. For you to connect to your router, you need to enter your router WPS password or pin code that is set in by the service providers and cannot be changed but appears on every router at the bottom.
For this reason, if you have a visitor to your home, they can take a picture of the pin and easily get access to your WI-FI network.
One can also keep guessing the possible pin to your router over and over again until they get it right. There are close to 100 million possible codes and therefore your 8 digit code can easily be cracked.
Of the eight digits, seven of them are not corroborated in a row, the Wi-Fi client sends the first four digits over the router to be authenticated followed by the last three.
You can guess the first four digits 11,000 times in a short time on your computer given that four digits are 10,000 code possibilities and three digits are 1,000 code changes.
Lastly, an attacker can set up a Wi-Fi device to send WPS push button requests to your router every 20 to 30 seconds if they are desperate enough and they will succeed even though it will take months.
When initiating the WPS technology, you might require registration for both methods of implementation between a new device and active wireless use. It is also important to deactivate the WPS setting on your router because as highlighted in the article, it is a new technology that is not very secure.
How to disable the WPS settings of your Router
- To begin with, open your browser.
- Enter your router’s Internet Protocol (IP) address by logging into your router’s configuration page and typing the address in the browser such as http://192.168.1.1, http://192.168.100.1.
- The next step of deactivating the WPS setting may vary from router to router since every manufacturer has its own configuration interface.
For instance, on an Asus router, you enter the administrator username and password followed by selecting advanced settings wirelessly, choosing WPS from the tab, and finally moving the enable WPS toggle switch to the off position.
Whereas for a Belkin router, after entering the router password and clicking submit, you select WPS under the wireless menu on the left side of the screen, change the WPS drop-down list to disabled then select apply changes