Formulating and managing online identity and access control
A comprehensive collection of articles, videos and more, hand-picked by our editors
I read that Google Inc. can access any Wi-Fi network password to which an Android smartphone or tablet has connected in the past. Is there a way to prevent mobile devices from remembering Wi-Fi passwords? What are the risks my organization faces if Google (or other companies) know my password?
Ask the Expert
Have questions about network security? Send them via email today! (All questions are anonymous)
It is possible to prevent an Android device from remembering Wi-Fi passwords. In Android 4.2, go to Settings, then Backup and Reset. Choose Backup My Data. If you don't want your device to remember your various Wi-Fi network passwords, simply unselect this option.
What becomes ambiguous now is whether Wi-Fi passwords get saved to Google's servers even after you've unselected this option. You could assume that Google does save them because when you purchase another Android device, you simply type in the username and password to your Google account and all of the settings and passwords from your previous device repopulate your new device.
In terms of security implications for your enterprise, I would say two glaring issues are immediately apparent. First, even if you personally deselect the Backup My Data option -- and even if the Wi-Fi password isn't saved on one of Google's servers -- the same cannot be said about every other Android device that has successfully connected to your organization's Wi-Fi network. In this case, I would recommend that your company implement a policy that requires a password change on a relatively frequent basis.
The second security implication that has surfaced in several forums has to do with the legal ramifications of Google being in possession of enterprise passwords. In my own uninformed legal opinion, there's not much that can be done about this. If the federal government were to serve Google with a subpoena requiring it to hand over a list of usernames and passwords, then, absent a hotshot team of attorneys employed by your organization, I would say that there's little that can be done in the way of privacy protection.
Related Q&A from Brad Casey, Contributor
Can Project Sonar, an Internet-scanning project, benefit enterprise network security? Expert Brad Casey discusses.continue reading
Does your enterprise track eliminated firewall rules? It's one of the change management best practices suggested by expert Brad Casey.continue reading
The Department of Defense is using a converged network security architecture to simplify security management. Learn about the security benefits.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.