Cool password bro



  • I'm using the router provided by my ISP, because (1) I have to use it anyway because there's no other way to connect and (2) it's better than any of the routers I already had when I last changed ISPs.

    A couple of weeks ago, the internet was down, and I called tech support. After a brief conversation in which I explained I know what I'm doing and my connection to the router is working fine, the tech support guy said it is connected to the internet but was somehow misconfigured to not pass traffic (something about MTUs and all those other similar acronyms - the parts of the router I never touched). The tech support guy solved the problem quickly and efficiently.

    Then, just before we finished the call, he commented "Heh, cool, I like your WiFi password!", probably just to make sure I wasn't actually happy with the service.



  • @configurator said:

    "Heh, cool, I like your WiFi password!"



  •  Are you certain he actual meant your password rather than your SSID?  That would be the type of terminology error you'd expect from ISP tech support, and would be vastly less upsetting information for them to have access to.



  • @stationary said:

     Are you certain he actual meant your password rather than your SSID?  That would be the type of terminology error you'd expect from ISP tech support, and would be vastly less upsetting information for them to have access to.


    Unfortunately I am. He mentioned the length, etc.

    My guess is they simply have access to the exact same interface to manage the router as I do when I access it from within my network, so they'd see the same stuff as me - which includes the password.


  • Considered Harmful

    @configurator said:

    which includes the password.

    TRWTF


  • Trolleybus Mechanic

    @joe.edwards said:

    @configurator said:
    which includes the password.

    TRWTF

     

    I'm assuming he means the wifi password, and not the base-station management password.

    In which case, it isn't TRWTF. The password is pretty much a "soft" password. It's what gets written on chalkboards at coffee shops, and shouted across the room when your buddy's over and goes "Hey, man, what's the wifi password?"

    It needs to be long and complex enough to keep out wardrivers and neighbours, but insecure enough that its effectively a known secret and disposable.

    If anyone manages to log into your base station, the last thing you need to worry about is that they know your wifi password.

     



  • I worked for a project once where users' account information was stored in a SQL table, with a field called "Password" (whose contents were not encrypted). I was shocked how many people use egotistical passwords like "iamtheman" and "Eric!sSupahC00L". Every time I set or change a password, I picture someone on the other end wondering why I like beer and Smurfs so much.


  • Considered Harmful

    @Lorne Kates said:

    In which case, it isn't TRWTF. The password is pretty much a "soft" password. It's what gets written on chalkboards at coffee shops, and shouted across the room when your buddy's over and goes "Hey, man, what's the wifi password?"

    It needs to be long and complex enough to keep out wardrivers and neighbours, but insecure enough that its effectively a known secret and disposable.

    I have a guest SID that has a password I give out, that is isolated so that it can access the Internet but not other IPs on the local subnet, and a private SID whose password I do not give out. Granted, wireless protocol passwords can still be pretty trivially cracked, but I wouldn't just invite acquaintances where they could easily access my PCs.

    @Lorne Kates said:
    If anyone manages to log into your base station, the last thing you need to worry about is that they know your wifi password.

    I was more concerned about passers by that might look over your shoulder.


  • Trolleybus Mechanic

    @joe.edwards said:

    @Lorne Kates said:
    If anyone manages to log into your base station, the last thing you need to worry about is that they know your wifi password.

    I was more concerned about passers by that might look over your shoulder.

     

    If someone is a passerby in your living room, the last thing you need to worry about is that they know your wifi password.

     



  • So what is your WiFi password? FTR mines lkjhgfdsa. SSID has been "Outnumbered" since the birth of my twins.



  • @Zemm said:

    So what is your WiFi password? FTR mines lkjhgfdsa. SSID has been "Outnumbered" since the birth of my twins.

    It's a highly recognizable misquotation from a class video game.



  • @configurator said:

    My guess is they simply have access to the exact same interface to manage the router as I do when I access it from within my network, so they'd see the same stuff as me - which includes the password.

    Every consumer router I've ever seen that allows access to the management interfaces from the WAN side has a setting to turn that off. It's usually labelled "remote management" or similar.

    On the other hand, I've not yet played with one of those new fangled Cisco/Linksys things that makes you set up a cloud account before you can do anything else with it. If that's what you've got, I'm not sure there is a way to keep Cisco's eyeballs out of your stuff.



  • @flabdablet said:

    Every consumer router I've ever seen

    It's not a consumer router. It's the ISP's router. One of its features is that they can setup things I can't, and in fact they can even disable local management.



  • @configurator said:

    It's a highly recognizable misquotation from a class video game.

    I'm going to go ahead and assume it has something to do with your base and who it now belongs to.



  • @flabdablet said:

    Every consumer router I've ever seen that allows access to the management interfaces from the WAN side has a setting to turn that off. It's usually labelled "remote management" or similar.
    If it's an ISP-provided router+modem all-in-one, it usually doesn't have that setting (or it's ineffective, at least as fas as the ISP is concerned). One of the ISPs here recently started issuing modem/router combos that can only be configured through the ISP service pages - not on the router itself (or at least that's how it's supposed to work - when I encountered them a few months ago, the service pages weren't ready yet, so you had to call tech support).



  • @Zemm said:

    I'm going to go ahead and assume it has something to do with your base and who it now belongs to.

    I didn't say it was English. It's a quotation that most people remember wrong, and is wrong (on purpose) in my password.



  • @configurator said:

    @Zemm said:
    So what is your WiFi password? FTR mines lkjhgfdsa. SSID has been "Outnumbered" since the birth of my twins.

    It's a highly recognizable misquotation from a class video game.

    There's a pie creepin' 'round here

    FOR THE GOURD

    public static void brain



  • @configurator said:

    It's not a consumer router. It's the ISP's router. One of its features is that they can setup things I can't, and in fact they can even disable local management.

    Fair enough. I feel your pain; there's a similarly upstream-managed router connecting the school I netadmin to the VPN that lies between our cluster of schools and the wider Internet.

    However, at our site that's now the only thing that router does. It no longer manages our local cross-subnet access policy, and it certainly doesn't control our WAPs.

    It probably could seize control of or at least screw up DHCP on our LAN if upstream chose to make it do that, but so far they have shown no inclination to do so.



  • @configurator said:

    @Zemm said:
    I'm going to go ahead and assume it has something to do with your base and who it now belongs to.
    I didn't say it was English.
     

    And yet tech support recognised it? I'm inclined towards FussRoDah or something equivalent.

     



  • @Cassidy said:

    @configurator said:

    @Zemm said:
    I'm going to go ahead and assume it has something to do with your base and who it now belongs to.

    I didn't say it was English.
     

    And yet tech support recognised it? I'm inclined towards FussRoDah or something equivalent.

     


    D'oh! I meant it wasn't Engrish.



  • @Manni_reloaded said:

    I worked for a project once where users' account information was stored in a SQL table, with a field called "Password" (whose contents were not encrypted). I was shocked how many people use egotistical passwords like "iamtheman" and "Eric!sSupahC00L". Every time I set or change a password, I picture someone on the other end wondering why I like beer and Smurfs so much.

    Call it overconfidence, psychopathy, or just American culture, but that's how we are. Enthusiasm is mandatory... about anything and everything, until something better comes along. If you go to other countries, their passwords are probably crap like "H0norableGrandfather" and "FranjoHasHepC."



  • @configurator said:

    @Cassidy said:

    @configurator said:

    @Zemm said:
    I'm going to go ahead and assume it has something to do with your base and who it now belongs to.
    I didn't say it was English.
     

    And yet tech support recognised it? I'm inclined towards FussRoDah or something equivalent.

    D'oh! I meant it wasn't Engrish.
     

    Not Engrish, highly recognizable and related to home network security? Why am I thinking this is related to abducted royalty not residing in the present fortified bastion...

     



  • @Ragnax said:

    Not Engrish, highly recognizable and related to home network security? Why am I thinking this is related to abducted royalty not residing in the present fortified bastion...

    That's the one! And the SSID is 1up.


Log in to reply