ISP's that secure Customers wifi with the customers phone number.

[+Warwagon MVC]

On 12/18/2016 at 12:47 PM, Anibal P said:

 

Not Comcast, and likely illegal or against net neutrality rules 

 

 

 

 

 

Doesn't sound like Frontier either, but now that i think about it, around my GF's neighborhood, there are a lot of CenturyLink Wifi access points. I looked up the house addresses on google to find phone numbers to tr to connect with, but no luck on any of them. Then again they were all just called Centurylink with a number after it, so no idea who's was who. 

 

The question was asked on facebook "Do you know how to change your wireless password in the router? Not in your phone or tablet but the password all your devices use to connect to the wifi."

 

At the moment the poll is 57% yes and 43%. Everyone who voted yes so far, All but 3 are Neowin members (Steve, Rich, and Goretsky, Keven and myself) and the other 3  are people that I know are tech-savvy.

[LUTZIFER]

Where I live, many years ago, our ISP by default used our phone numbers as the wifi password.

Was very easy to use someone's wifi back then, just had to look up the neibor or businesses phone number and it was usually the password still, lol.

[DaveLegg Developer]

It wouldn't be too difficult for the makers of the modem/routers ISPs supply to customers to set them up with a captive portal style page that doesn't allow them internet access until they've set their own password for the router and the wireless network. They'd automatically be sent to it when the first plug in the router, so no issue with having to understand and type the correct IP address etc.

[Obi-Wan Kenobi]

You had me until DSL. Sorry, get a better ISP.

[adrynalyne]

1 hour ago, Obi-Wan Kenobi said:

You had me until DSL. Sorry, get a better ISP.

This should be an interesting response. What kind of Internet and speeds are you paying for?

[+Warwagon MVC]

On 12/19/2016 at 4:30 AM, adrynalyne said:

This should be an interesting response. What kind of Internet and speeds are you paying for?

 

 

 

 

Not sure why frontier still has any customers. They are slow as pee and every time it rains service for people drops out. Premier, on the other hand has speed up to 150 megs which I just called about.  I asked them what is the fastest speed they offer. Apparently for the price I was paying for 100 megs I could now get 150 megs, so I upgraded. It's $73 for a month for 150 megs. But it's deductible and in my line of work for downloading TONS of windows update and software, it's worth it!

 

[+Warwagon MVC]

On 12/17/2016 at 8:49 AM, BudMan said:

Well that's pretty useless, can hack something like that in a matter of minutes..... That isn't much better than just using someones phone number

 

 

2

So after creating this thread I did some research into Cracking a Wifi Password, and yep you are correct that would take a matter of minutes. It actually takes less time to crack someone's phone number than I thought it would.

 

Just a blanket area code 515?d?d?d?d?d?d? would take about 4 mins to try all combinations and if you knew the city 515654?d?d?d?d ... ya that would be cracked in a blink.

[+BudMan MVC]

So kind of related to this.. My son just got a new router and I set it up for him.. It used WPS out of the box with a 8 digit pin that was printed on the bottom of the router. 

 

This was simple to get in and setup the router.  But I would not leave WPS running.. It has been a known flaw for years.. But it was simple enough connect to the router for setup with it. 

 

As I have been saying.. Does not matter what the isp or the maker of the router uses for the initial connection.  Once that has been setup, leaving it at what the initial setup was is 100% on the user!!!  If they do not change it - it really doesn't matter what they use since its not really going to be secure.. Unless the default was some 20 character random with a random ssid as well.  Because if they don't change the ssid, and you know what the parameters of the psk are it would be simple enough to create a rainbow table of the all the combinations.. And if the ssid isn't unique then its the same salt..

[+Gary7 Subscriber²]

My ISP does not do this, they use customers that can remember their passwords. If they did , I would find another provider..

[JoseyWales]

I had something similar to this happen awhile back.. I had ordered some code from a site and my email had my password in the subject line... I told them about it but to this day, every email i get from them is the same..

[tsupersonic]

That's bad design. This is why I bought my own modem and router. Plus, I don't like paying the rental fee for equipment. It's $8/mo to rent a modem from Time Warner, so I bought a Zoom 5341J for $50 at Best Buy. It paid for itself in 6/7 months, and is way more robust than whatever TW provides.

[Mando]

customers phone numbers as passwords lol they wouldnt get away with that over here.

 

Funnily enough I see it quite a bit with end users at work, no <insert user> not a good idea having you or your partners mobile number in part of your password. /faceplant

 

some of us can only get DSL/DSL2. No other option.

 

 

 

 

[+Warwagon MVC]

Going to give this thread a bump because. Since I'm the OP and it's still very widespread over here. Just helped a local business change their wifi password. Frontier had just installed a new modem/router when I walked in to do a repair I asked them if this "the phone number" was their password and they said yep. The SSID was also the name of this particular business. So wouldn't be hard to ask Google for the phone number.

 

I'm still going to agree and disagree about the user changing the wifi password. On the one hand, I absolutely agree they should change the password. But I disagree that they have any clue how to do it. Find 10 non-techy people and ask them if they know how to change the wifi password in the router.  Actually, i'm going to create a poll on my facebook page and ask the question. Who knows maybe the results will surprise me.

 

I think they fed me a cup of ######. If what she says is true, the tech must be "Suggesting" to the user to use their phone number as their password, and the user doesn't know any better and agrees to it. This is also something the tech should never do. As it would be a horrible suggestion.

[+Warwagon MVC]

So my poll on Facebook has ended.

 

 

Now out of the 13 people who voted yes, if remove all of the techie friends from Neowin who voted (who obviously know how to change their wifi password)

 

Kevin

Steve

Rich Woods

Aryeh Goretsky

Justin

 

it would be more like 36% Yes 63% No

 

Now if we remove all the techy people in general who voted and just left the people who I would consider "average users" it would be.

 

22% Yes 77% No