"A simple passkey on the router / laptop" — Sounds to me like WEP

Ultimately wireless is like satellite… It's floating throw the air and as long as people have access to a portion of it (encrypted message/signal)… they'll find a way to access the rest…

Ultimately it comes down to the balance game. Let's go with a home robbery scenerio…

I'm walking down the street and there are five houses (A, B, C, D, E). All 5 homes contain the same items as far as I know…

House A has the doors wide open and a giant neon "steal from me" sign..

House B has the doors and windows shut… but they aren't locked..

House C has locked their doors and windows

House D has locked their doors and windows and has an alarm system and a guard dog.

House E has the doors and windows shut, an alarm system, a guard dog, razor wire fencing, and armed sentries…

Which house do you rob?

Ultimately, it's house A because it has the weakest security… However House B is only safe because of House A's existence… However by House D it's no longer worthwhile for the attacker to break in… it's more effort than the gains…

So House D and E seem to be the better bets… The problem is that the sentries at house E check your ID every time you come and go… so suddenly they're hindering the access to your house… With House D you control the alarm and the dog is friendly… So House D is a nice trade off between security and accessibility.

Instead of providing "cheap" products, the vendors should be providing secure products… Here's my dream AP / router…

- 802.11x (Port-Based Authentication)… Each username allowed to be authenticated only once… dead sessions can be timed out from the router interface.

- MAC Address filtering… while usernames don't have to be tied to a MAC Address, once that username is entered it is tied to that MAC address and only that address until it is reset in the user interface.

- Requirement for alpha-numeric-symbol 10 character passwords on router interfaces HTTPS / SSH required… HTTP / Telnet gone completely..

-Wireless 'ports'…. Wired ports are limited by the number of physical connections… I'd like the AP to have a customizable number of virtual "Wireless ports"… If you have only 1 wireless PC, you have only one wireless virtual port…. no one else can connect..

If this isn't cost effective for the vendors, then they can raise their prices… Or… Option B

OTP (One-Time-Passwords)… What if the WEP key was a One Time Password… each router comes with a couple of OTP dongles… users have to generate the key each time they connect and it's valid only for that session…

just helps as a deteriant.

“A simple passkey on the router / laptop” — Sounds to me like WEP

Ultimately wireless is like satellite… It’s floating throw the air and as long as people have access to a portion of it (encrypted message/signal)… they’ll find a way to access the rest…

Ultimately it comes down to the balance game. Let’s go with a home robbery scenerio…

I’m walking down the street and there are five houses (A, B, C, D, E). All 5 homes contain the same items as far as I know…

House A has the doors wide open and a giant neon “steal from me” sign..

House B has the doors and windows shut… but they aren’t locked..

House C has locked their doors and windows

House D has locked their doors and windows and has an alarm system and a guard dog.

House E has the doors and windows shut, an alarm system, a guard dog, razor wire fencing, and armed sentries…

Which house do you rob?

Ultimately, it’s house A because it has the weakest security… However House B is only safe because of House A’s existence… However by House D it’s no longer worthwhile for the attacker to break in… it’s more effort than the gains…

So House D and E seem to be the better bets… The problem is that the sentries at house E check your ID every time you come and go… so suddenly they’re hindering the access to your house… With House D you control the alarm and the dog is friendly… So House D is a nice trade off between security and accessibility.

Instead of providing “cheap” products, the vendors should be providing secure products… Here’s my dream AP / router…

- 802.11x (Port-Based Authentication)… Each username allowed to be authenticated only once… dead sessions can be timed out from the router interface.

- MAC Address filtering… while usernames don’t have to be tied to a MAC Address, once that username is entered it is tied to that MAC address and only that address until it is reset in the user interface.

- Requirement for alpha-numeric-symbol 10+ character passwords on router interfaces HTTPS / SSH required… HTTP / Telnet gone completely..

-Wireless ‘ports’…. Wired ports are limited by the number of physical connections… I’d like the AP to have a customizable number of virtual “Wireless ports”… If you have only 1 wireless PC, you have only one wireless virtual port…. no one else can connect..

If this isn’t cost effective for the vendors, then they can raise their prices… Or… Option B

OTP (One-Time-Passwords)… What if the WEP key was a One Time Password… each router comes with a couple of OTP dongles… users have to generate the key each time they connect and it’s valid only for that session…

I am not as lucky. Only sometimes will I get an unsecure, faint wireless connection in my apartment complex. The other 7 or so are secured, albeit almost all with WEP. (Not that that really stops me, but at least my neighbors know I’m around as I have a big hack sticker on my car).

I don’t know how wireless security can solve this, oddly. What makes things easy for users also makes things easy for attackers. I think the best bet would be to require just a simple passkey in the router setup and that simple passkey in the laptop. But even that is prone to problems as you still need to have people understand their SSID vs someone else. And while there may be unity in wireless router GUIs, client-side, setting things up is still very different vendor to vendor. Hell, even on Windows if you come to me with a laptop with some weird wireless driver/mgmt interface, even I can struggle for a bit.