Comment by yannyu 11 hours ago

AT&T routers, for example, ship like this. There's a wifi network and a wifi password printed onto the device.

But that also means then that often anyone with physical access can easily get into the device. The complicated password provides an additional layer of illusion of security, because people then figure "it's not a default admin password, it should be good". The fundamental problem seems to be "many people are bad at passwords and onboarding flows", and so trying variations on shipping passwords seems to result in mostly the same problems.

some_random 11 hours ago

If you have physical access you can just factory reset the device and onboard it with the normal flow though.

  • yannyu 10 hours ago

    That's fair, though at least resetting would indicate that an attack happened. Default passwords and printed passwords can result in undetected attacks, which are arguably worse.

    • some_random 8 hours ago

      It doesn't change anything in this case though; you can't use the default password against a TP-Link device after it's been onboarded.

recursive 9 hours ago

I feel seen. Why is the security illusory? I still don't understand the problem with this. Is the concern that someone will break into my house to covertly get access to my wifi password?

mystifyingpoi 11 hours ago

Same with Orange-branded ones. There is even a QR code that you can scan on your phone - no more typing 16-24 hex characters.

It's hard to decide whether it's good or bad. It is definitely easier. Which I guess matters most in consumer-grade routers.