How to (re) find your Wi-Fi password in Windows 8.1

So anyone can steal a Wifi password from an unattended computer? Sounds ridiculously insecure. Microsoft gets away with something a rookie programmer would be fired for.
 
If someone with malicious intent gets physical access to your computer, getting your WiFi password would be one of the least of your concerns.
 
I think a point is being missed here, as Mathepac said in the OP this method is for a FORGOTTEN password ie. the password was already known to the device/user in the first place, for it to connect to the WiFi.
And if that user chooses to leave his device unattended, in an environ where it could be at risk without employing some sort of access security then as Leo has rightly pointed out, the WiFi password would be of little concern.
 
Why have secure passwords at all then, if they can be stolen without your knowledge? I can think of more comforting answers than "worse things could happen"!
 
If you leave devices unattended and unlocked, then you're absolutely right, there is no point in setting passwords.
 
And by the same token multiple layers of security are always pointless, because once you make one mistake you deserve everything you get.
 
Multiple layers are a good idea, but if you allow physical access, you're pretty much allowing anyone bypass all those layers.

That's why most of the major cyber attacks target users within the network and tries to get them to install something on their machine giving the attacker full access to the network.
 
Not sure how you're connecting the two -- those cyber attacks are not related to physical access.

Plenty of serious crime is related to physical machine access but, unlike the big cyber crime waves, they're the embarrassing sorts of internal breaches that companies are anxious to keep out of the news. The companies I know of who have addressed it take internal password security very seriously, to the extent of making breaches a firing offence.
 
Some of the big ones have been, typically via infected removable storage, USB devices now ala Stuxnet, or as released recently, hard drives with malicious code embedded in the firmware. But yes, an attacker gaining physical access isn't a common approach.

The point was that you seemed concerned about someone being able to re-generate your WiFi password from your computer. But if that happens, by then you've already lost the battle, they're already in.
 
With your Wifi password they can keep coming back, possibly undetected and unnoticed. It's the reason why weak 64-bit Wifi security was replaced. They may be more interested in your network than your specific machine.

But my general point is there's no point making a vulnerability worse than it has to be, whereas you seem to be saying you might as well throw your hands in the air.
 
No, I'm saying if someone with malicious intent has free access to your computer, or any network device in your house, then no wifi password security is going to protect you. With free access they could attach a wifi or RF network access point on your network, again, wifi passwords won't block that access. In reality, they'd just install remote access software on your computer.

With this software/hardware so easily available, it's unlikely someone would go to the trouble of regenerating your wifi password and then traveling to hang out in your garden to get access to your network.
 
On my business machine, remote access software would have been detected by a daily whitelist scan and reported to HQ. And an opportunistic intruder would probably not get away with using a ladder and removing ceiling tiles to install their own access point.
 
I was more referring to home machines/ networks, but those scans are far from foolproof, ask Raytheon, but can be an effective extra layer in environments where things don't change too frequently. Malware can piggyback on known white-listed apps to hide their trails. Bit too cumbersome and costly in terms of time to market for bigger enterprises. If you really want to go after it though, bring in network access control that monitors behaviours, and dumps offenders into restricted vlans with lots of devices and data that will keep an attacker busy for a long time before they figure out what's happening. An enterprise should really use tokens/certs to control access to wifi networks so even the password wouldn't be enough to get access.

Access points can be hidden in electrical adapters, USB sticks, behind socket plates, etc.

I think we're probably boring people now :)
 
Oh, Thank God....................:)

And I was about to describe a handy way to extract the password from the router................definitely wouldn't dare now !! :p:p:D:D
 
No please go ahead! (We need something new to poke with our tweezers and stick under the microscope) :p
 
For those of you totally mystified by all of this can I suggest an even simpler way to get to your forgotten WiFi password? When you visit your relative's house, just lift the router and the chances are very high that the the label on the base-plate will have the password typed en-clair. Sorry there's no more wizardry to it than that.

Changed it from the default on the base-plate at home? Follow the instructions to reset the router and the password on the base-plate will almost certainly work again.
 
Back
Top