Options
Do some places offering free wifi go OTT on passwords?
jsmith99
Posts: 20,382
Forum Member
✭✭✭
I was in the British Library last Thursday, and wanted to check whether a train was on time. So I clicked for free wifi. I was asked my email address - fine. I was then told my username and password had been mailed to that address.
Luckily, I had email on my phone, so I opened it.
They'd given me a username of 0ca2oez, and a password of d948cfwz ( a minor but consistent change to each). In tiny font, and no option to "click here and be logged in".
Yesterday, I was again in the BL, and wanted to check train times. Alas, I made a tiny slip in entering one of these. I was then taken to a page where I had to input my old password, and a new password twice.
It then told me I hadn't there was a difference between the two new passwords (though how I could mistype "qqqqqq" I don't know). Okay, went through the whole routine again - and was then taken to a login screen to enter my details again.
I'm sorry, but this is a place which offers free wi-fi to anyone who asks for it. Why on earth does it need more elaborate security than many banking systems?
I've had free wifi in many places, here and abroad. I have a spare email address for places which want it, and if they want my phone number, then I stop the process.
Luckily, I had email on my phone, so I opened it.
They'd given me a username of 0ca2oez, and a password of d948cfwz ( a minor but consistent change to each). In tiny font, and no option to "click here and be logged in".
Yesterday, I was again in the BL, and wanted to check train times. Alas, I made a tiny slip in entering one of these. I was then taken to a page where I had to input my old password, and a new password twice.
It then told me I hadn't there was a difference between the two new passwords (though how I could mistype "qqqqqq" I don't know). Okay, went through the whole routine again - and was then taken to a login screen to enter my details again.
I'm sorry, but this is a place which offers free wi-fi to anyone who asks for it. Why on earth does it need more elaborate security than many banking systems?
I've had free wifi in many places, here and abroad. I have a spare email address for places which want it, and if they want my phone number, then I stop the process.
0
Comments
Was in Portugal for a month and most restaurants including Mcdonalds had passwords printed on door or on the counter, the local large supermarket did not even need a password
If somebody is allowed on to the wifi and they run a malicious process, they can 'trick' other machines on the wifi to think they are in fact the DHCP / DNS server. If you are able to guess the password then the risk is somebody could sit outside and intercept machines on the wifi. If you make people validate their email or make the password more secure it makes things a little harder for criminals or people with malicious intent.
There are places like that in the UK as well - you don't always have to register in the UK
Why would anyone have to guess a password, when the server is quite happy to give anyone a username and password? It's the difficulty surrounding using it which is the point I'm making - why?
Actually, that's what I was trying to do, using my National Rail app. If you mean ring them, I didn't have the numbers.
I think the poster meant, why not just use mobile data?
I got in my head that you were using a laptop, but managed to get the credentials via 3G.
I tend not to if I can avoid it. Especially when I'm in a "free wifi" area.
To keep it simple, I didn't mention that I had wifi access as soon as I'd opened the email - in fact, I must have had it as soon as I registered. It was trying to log in again the next time which caused me problems.
It does seem pointless, yes. I'm guessing the wifi setup is an off-the-shelf product and it doesn't work without the user using a userid/login. So they've configured it to be as close to that as it will allow. A tighter-configured version would only send out the logon email once, say, a bloke behind a desk has checked credentials or whatever and pressed a button.
Near to a friend, there is a tea rooms which has wifi. Their system is no more than a common-or-garden modem/router on ADSL; the old girls just give out the WPA code when people ask. Fine, and people are unlikely to get up to naugthy internet usage in the actual shop, but I was wondering if someone lived next door they could use the whole setup for free - no throttling, no firewall rules (which commercial wifi solutions would have, I should think - e.g. limiting stuff to http, https, ftp, pop, imap, smtp and a few others) just by popping into the cafe once and getting the WPA.
But why require such a complex one? I've worked at MOD and nuclear power establishments which had less vigorous passwords (okay, that was before wireless, and the systems used terminals and ethernet cables. In some cases, jobs had to be input on punched cards ).
As for the tea rooms : I've been in plenty of places abroad where there wasn't even a password. Presumably the owners took account of bandwidth and field strength when setting it up. It's possible that the building next door wouldn't have anything like a decent signal.