We will explain the WPS button that many integrated routers usually have and what it is for. It is a fast connection method for any device, and many times you will also see that one of the lights on the router bears that name and starts to flash for a few seconds when you press it.
The article will explain precisely what it is for and the different methods for its operation. But we will also tell you about some of the risks that abusing it can have for your privacy.
What is WPS Pin?
The acronym WPS stands for wifi Protected Setup, and it is a system whose primary function is to offer a controlled way to connect to wifi by entering only an 8-digit PIN instead of the complete wireless password.
One of the main reasons this method exists is that you are at home and want to connect a device to the wifi network of your router, but you have forgotten the password. If you are in a hurry, instead of going crazy looking for the password, it will be enough to press this button that comes in most routers to establish the connection between both devices.
Using the WPS button, the system can work in different ways, although among the four most common, the most widespread is based on the exchange of PINs. The device must transmit a numerical code to the router, and in return, the latter sends the data to access the network. These are the ways the WPS system can operate :
- Using a PIN that we must grant to each device that we want to connect to the network. All routers usually have a default PIN that we can change.
- Using NFC, you only have to place the device near the router, and the information will be exchanged.
- Using PBC on devices with a built-in button so that they perform a credential exchange when pressed simultaneously.
- Using USB, the device’s credentials are physically saved in a USB; we will then pass them to the other device to connect to the network.
How WPS works?
The operation of this system is effortless. The first thing you have to do is connect to the network with your device, be it a mobile phone, a tablet, a computer, or any other with which you want to access your router.
Then, you will have to click on the WPS button on your router. When you do, what you will be doing is “opening” the wifi network generated by the router for a short period. Many routers will have a WPS indicator that will flash to tell you when this feature is active. It will be a few seconds with the network open waiting for your device, and then the WPS will automatically disconnect.
When you are with the WPS activated, your mobile will access the wifi network with the WPS method that it has configured. The common thing is that it is a PIN that appears directly on the router itself, but some of the methods we have told you above can also be used.
Why is WPS insecure?
Being able to connect to your home’s wifi network without having to remember or use a password, especially considering that the safest thing is to have a secure password other than the one that comes by default, can seem very tempting. However, abusing WPS can be dangerous for your network security, especially when you are using a router that uses a PIN to establish this connection.
First of all, when you press this button, you are opening the wifi, which means that you will disable all the security measures that you have configured for the connection, such as having a good password that is difficult to guess. When the router has methods that require that the mobile be next to it, such as NFC or USB, in theory, it is safer, although there is always the possibility of having the typical funnyman next to you who can access your wifi when you don’t want to.
If your router uses a PIN as an identification method with the WPS, everything becomes even more insecure. The first is because it usually comes attached to the router, which in itself can compromise your security. And secondly, because it usually has a maximum of 8 digits, making it an easier key to attack by brute force than if you have a good password.
Some brands use it as a security method in their routers and access point systems that block access to multiple failures in a short time. If the cybercriminal wants to access your computer via WPS, it takes less time to “find” the 8-digit PIN than the WPA2 password. There are even applications like AWPSApp for Android made to break the PIN codes they usually use.
Therefore, if you think it is a function that you will not need, it is best to deactivate it from your router’s configuration in the Wireless or Network sections of the web interface. There may be some routers that do not have the connect button, in which case you will have to try not to be tempted to use the function, and others will not.