- Jan 24, 2011
- 9,378
Before Wi-Fi Sense shares your passwords, you have to manually opt-in for every network.
First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you'll be asked if you want to share it with your friends/social networks.
With that out of the way, let's talk a little bit about how Wi-Fi Sense works in Windows 10.
What is Wi-Fi Sense in Windows 10?
Like a few other Windows 10 features, Wi-Fi Sense started its life in Windows Phone. The version of Wi-Fi Sense in Windows 10 works in much the same way as the smartphone version: it automatically connects to any Wi-Fi hotspots that have been "crowdsourced" by your friends and acquaintances. If they have joined the network in the past, your PC will automatically join the same networks, without prompting you for a password. In theory, this is more convenient than connecting to Wi-Fi networks manually, while also minimising any mobile data consumption.
By default, if you choose Express Settings during the installation process, Wi-Fi Sense is turned on in Windows 10. However, it doesn't actually do anything until two things occur:
- First, you need to sign in with a Microsoft account. Wi-Fi Sense won't work with a local account.
- Whenever you connect to a new W-Fi network, it asks if you want to share it with other people.
Fortunately, it appears that Wi-Fi Sense does not share credentials from networks that are secured with additional authentication protocols, such as corporate networks that use 802.1x EAP. However, if your office Wi-Fi is secured with a simple WPA/WPA2 key, you probably shouldn't share that network with Wi-Fi Sense.
Does Wi-Fi Sense reveal my passwords?
One of the perceived issues of Wi-Fi Sense is that it shares your passwords with other people—people that you may not know very well, in the case of your Skype or Outlook contacts.
For a start, when a Wi-Fi passkey is shared with your PC via Wi-Fi Sense, you never actually see the password: it comes down from a Microsoft server in encrypted form, and is decrypted behind the scenes. There might be a way to see the decrypted passkeys if you go hunting through the registry, or something along those lines, but it's certainly not something that most people are likely to do.
Perhaps more importantly, though, just how sacred is your Wi-Fi password anyway? Corporate networks notwithstanding (and you shouldn't share those networks with Wi-Fi Sense anyway), most people give out their Wi-Fi keys freely. You could even argue that Wi-Fi Sense is more secure: if I ask Adam for his Wi-Fi password, I am free to give it away to anyone. If I receive the password via Wi-Fi Sense, I can still connect to Adam's network, but I can't tell anyone else the password.
It's also worth noting that Wi-Fi Sense passwords are stored "in an encrypted file on a Microsoft server." Depending on Microsoft's infosec protocols, this is either completely fine and dandy, or a potential goldmine for wardriving hackers. Again, as long as you don't share the passkey from your workplace's Wi-Fi network, the potential security risk is low.
Microsoft says that Wi-Fi Sense only shares your passwords with direct friends/contacts, and not friends-of-friends. So, for example, if Adam shares a passkey with Beth via Wi-Fi Sense, Beth cannot then use Wi-Fi Sense to share Adam's passkey with her friend Cathleen.
Ultimately, Wi-Fi Sense probably isn't the most secure feature in the world, but it isn't that bad either. As with many things in life, you have to choose between convenience and absolute security. For most users, the added convenience of Wi-Fi Sense will probably win out. If you're concerned about security, just turn Wi-Fi Sense off.
Read more: http://arstechnica.co.uk/gadgets/20...ares-your-passkeys-no-you-shouldnt-be-scared/
