Manage Learn to apply best practices and optimize your operations.

Tips for keeping Wi-Fi network passwords secure

If Wi-Fi network passwords are accessed off Android mobile devices by third parties, it could mean disaster without the right precautions.

I read that Google Inc. can access any Wi-Fi network password to which an Android smartphone or tablet has connected in the past. Is there a way to prevent mobile devices from remembering Wi-Fi passwords? What are the risks my organization faces if Google (or other companies) know my password?

Ask the Expert

Have questions about network security? Send them via email today! (All questions are anonymous)

It is possible to prevent an Android device from remembering Wi-Fi passwords. In Android 4.2, go to Settings, then Backup and Reset. Choose Backup My Data. If you don't want your device to remember your various Wi-Fi network passwords, simply unselect this option.

What becomes ambiguous now is whether Wi-Fi passwords get saved to Google's servers even after you've unselected this option. You could assume that Google does save them because when you purchase another Android device, you simply type in the username and password to your Google account and all of the settings and passwords from your previous device repopulate your new device.

In terms of security implications for your enterprise, I would say two glaring issues are immediately apparent. First, even if you personally deselect the Backup My Data option -- and even if the Wi-Fi password isn't saved on one of Google's servers -- the same cannot be said about every other Android device that has successfully connected to your organization's Wi-Fi network. In this case, I would recommend that your company implement a policy that requires a password change on a relatively frequent basis.

The second security implication that has surfaced in several forums has to do with the legal ramifications of Google being in possession of enterprise passwords. In my own uninformed legal opinion, there's not much that can be done about this. If the federal government were to serve Google with a subpoena requiring it to hand over a list of usernames and passwords, then, absent a hotshot team of attorneys employed by your organization, I would say that there's little that can be done in the way of privacy protection.

This was last published in April 2014

Dig Deeper on BYOD and mobile device security best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.