
Comment by bandushrew

12 years ago

This seems like a good time to remember that Google has been storing wifi access passwords in plain text on its servers, and (presumably) passing them between its data centers.

It can be assumed that as a consequence of Google's decision to store passwords in plaintext, the NSA now have access to every wifi access point that has been used by an Android device.

This is a massive security breach. I sincerely hope Google notifies Android users of the problem.

The more I see stories like this, the more I wonder why there aren't tools out there that complement something like 1Password, LastPass or KeyPass by rotating passwords for all your devices programmatically. More devices should support SSHing into them for password rotation or some API for frequent password rotation.

e.g.

Here's the password for this router; rotate this key every X days; upon rotation, connect to the computers of friends X, Y and Z to notify them of the password update.

I imagine such a system would require two passwords, one to change the password so only one device is responsible for rotation and a second to share with others so they can access the computing resource in question.

Alternatively, every device should function with individual passwords for every user. I still get frustrated that wifi only offers one password and doesn't give you the option to give out one password per user. Future wifi protocols should permit a user to try to connect to a wifi and wait until someone approves their access. Approval could be done by visiting the router's IP address and granting access through some form that shows which clients are requesting access at that point in time. Furthermore, the way in which a computer requests access to wifi could be accomplished by having that computer submit its SSH public key to the router.