WLAN security standards and products have made great strides over the last decade. However, security options are still only effective when enabled and properly configured. A study published last week by Wakefield Research illustrates the continuing gap between consumer perception and secure WLAN use:
Wakefield interviewed 1000 representative Wi-Fi users to ask about their security beliefs and habits. A whopping 97 percent said the data on their devices and networks is "safe and secure." But many admitted to practices that place that data at risk. Specifically:
* 41 percent do not use Wi-Fi passwords that are strong enough to resist PSK crackers.
* 38 percent let their Wi-Fi devices auto-connect to strangers (unknown ad hocs and APs).
* 82(!) percent use open Wi-Fi hotspots without a VPN to protect their data.
Survey respondents did not appear to be unaware of Wi-Fi risks - just either careless or clueless. 85 percent said they understood Wi-Fi devices shouldn't be configured to auto-connect, and 86 percent said they'd enabled security on their wireless AP or router. Moreover, practices were no stronger among those who had experienced viruses or considered themselves "tech savvy." In short, many Wi-Fi users know better - but still don't take basic steps to safeguard themselves.
The Wi-Fi Alliance sponsored Wakefield's survey as part of its on-going campaign to educate users about Wi-Fi security and make secure WLAN configuration easier (notably through automation via Wi-Fi Protected Setup). But perhaps such steps will never impact that roughly one-third of the population who continue to put themselves at risk.
Perhaps the only way to improve these stats is to enforce secure WLAN use - specifically, by changing auto-connect and PSK factory defaults so that proper configuration is the norm, not the exception. The downside? Wi-Fi devices would no longer connect auto-magically out-of-the-box. At minimum, one unique 8-character password would always be required to get started. But really, is that too much to ask?
I think not. What do you think?