Essential Guide

Formulating and managing online identity and access control

A comprehensive collection of articles, videos and more, hand-picked by our editors
Q

Tips for keeping Wi-Fi network passwords secure

If Wi-Fi network passwords are accessed off Android mobile devices by third parties, it could mean disaster without the right precautions.

This Content Component encountered an error

I read that Google Inc. can access any Wi-Fi network password to which an Android smartphone or tablet has connected in the past. Is there a way to prevent mobile devices from remembering Wi-Fi passwords? What are the risks my organization faces if Google (or other companies) know my password?

Ask the Expert

Have questions about network security? Send them via email today! (All questions are anonymous)

It is possible to prevent an Android device from remembering Wi-Fi passwords. In Android 4.2, go to Settings, then Backup and Reset. Choose Backup My Data. If you don't want your device to remember your various Wi-Fi network passwords, simply unselect this option.

What becomes ambiguous now is whether Wi-Fi passwords get saved to Google's servers even after you've unselected this option. You could assume that Google does save them because when you purchase another Android device, you simply type in the username and password to your Google account and all of the settings and passwords from your previous device repopulate your new device.

In terms of security implications for your enterprise, I would say two glaring issues are immediately apparent. First, even if you personally deselect the Backup My Data option -- and even if the Wi-Fi password isn't saved on one of Google's servers -- the same cannot be said about every other Android device that has successfully connected to your organization's Wi-Fi network. In this case, I would recommend that your company implement a policy that requires a password change on a relatively frequent basis.

The second security implication that has surfaced in several forums has to do with the legal ramifications of Google being in possession of enterprise passwords. In my own uninformed legal opinion, there's not much that can be done about this. If the federal government were to serve Google with a subpoena requiring it to hand over a list of usernames and passwords, then, absent a hotshot team of attorneys employed by your organization, I would say that there's little that can be done in the way of privacy protection.

This was first published in April 2014

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

Formulating and managing online identity and access control

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close