What Does WPS Mean? (and why you should disable it)

Written by Baz in Internet

Disclosure

Just to let you know, we’re an affiliate for Amazon, Bluehost, CJ and Rakuten Marketing and some of the links below are affiliate links, meaning that, at no additional cost to you, I may earn a commission if you click through and make a purchase. Thank you if you use our links, we really appreciate it!

What does wps mean?

If you’ve ever set up a wireless printer and connected it to your Wi-Fi network without having to enter a password or connected a set top box to your router then you’ve probably encountered WPS.

WP what?  I hear you say.

Well if you want to know what I’m talking about and often wondered what WPS stands for and how that little button on your wireless printer works, then look no further, this article is designed for you.

Not only am I going to explain what WPS is and how it works, I’m also going to look into the security of WPS and whether or not you should be using it.

So let’s get started then shall we?  Let’s start with a definition:

WPS stands for Wi-Fi protected setup and was formerly known as Wi-Fi Simple Config. WPS is a network security standard designed to create a secure Wireless home network and allows users to connect their Wi-Fi enabled devices to their home routers quickly and easily.

It is worth noting here that WPS only works with the latest wireless security protocols.  So if your router supports WPA or WPA2, then you can take advantage, but it doesn’t work with older protocols such as WEP which can be compromised very easily with freely available tools.

What’s the point of WPS? 

So what problem does WPS solve?  Let me explain.

Most home routers encrypt their communication using WPA2-Personal or WPA2-PSK as it is also known.  The PSK bit stands for “Pre-Shared Key”.

You either use the default passphrase that comes with your router (often written on a sticker attached to the side of your router), or you come up with your own passphrase for your router (recommended).

You then provide this passphrase to each and every device that wishes to connect to your network.

It is this passphrase that prevents unauthorized access to your Wi-Fi network.  Your router uses it to generate an encryption key to encrypt your network traffic, so that nobody can eavesdrop on it and steal your online banking details for example.

Now, this can get a bit inconvenient, especially if you use a long passphrase like I do.  For every new device, you have to enter your passphrase in order to connect it to your router.

That is why WPS was invented.

WPS simply enables you to connect devices to a Wi-Fi network without having to enter a password.

What happens when i press the wps button on my router?

The WPS button on your router allows you to connect devices to your wireless network at the click of a button, without having to enter your Wi-Fi password.

Pressing the WPS button on your router enables your router to discover new devices.  

Typically you would hold down the WPS button until the light on the button begins to flash.  Usually a few seconds are enough.

Now depending on what device you wish to connect to your router will depend on what you do next.

So for example on devices such as notebooks, desktops and tablets, a physical WPS button is not likely to be available because you would normally connect via WPS on your touchscreen.

However, if you have a wireless printer for example, or a set top box, then these devices usually have a physical WPS button.

Pressing the WPS button (or touchscreen) on a device when the the router is in discovery mode will automatically connect that device to the wireless network.

During the connection process, the password will be sent to these devices and the devices will store that password for future use and you won’t have to press the WPS button again.

Where is the wps button on my router?

Typically the WPS button is on the back of the router and you often see it alongside a bunch of Ethernet ports.

In saying that however, the WPS button on my router is on the side.

Most routers support WPS and on many routers WPS is enabled by default so you shouldn’t have to do anything extra to get the WPS button to work.

You can take a look at the image below so you will see where the WPS button is located on my router.

WPS Button Wireless Router

And if you have a look at my Wi-Fi printer, you will see a WPS button on there too enabling it to be connected to my Wi-Fi simply and easily.

WPS Button Wireless Printer

What to do if wps is not working

If the WPS connection fails, which it sometimes does, here are a number of different things you can try:

  • Ensure that WPS is enabled on your router
  • Move your router in close proximity to your device
  • Change the WPA encryption mode to AES only
  • Reset your router back to factory settings
  • Disable ipv6 and only use ipv4
  • Restart your router by putting a pin in the reset hole in the back of it

Finally, WPS is just one mechanism to connect a device to a WPA or WPA2 Wi-Fi network.

There is a big ‘but’ though, because as we will explore next, WPS does absolutely nothing for the overall security of your Wi-Fi network.

Is WPS Secure?

In a word NO, WPS is NOT secure.

Although WPS presents a convenient way to get your device enrolled onto your Wi-Fi network and despite the fact that it uses encryption, the use of a WPS PIN or PBC (Push Button) mechanisms for authenticating the initial key setup is not secure at all.

The worrying thing is that your router probably supports WPS and chances are it’s enabled by default like it is on my router.

So why is it so insecure? 

Well let’s look at the different ways that WPS is implemented and we will see why each one of them makes your Wi-Fi network vulnerable:

Push Button Connect (PBC)

As mentioned earlier, one of the ways in which you can connect to a router is by pushing buttons on both the router and the Wi-Fi client (i.e. a Wi-Fi printer).

Similar to Bluetooth pairing, this type of WPS pairing is only active for a minute or two before timing out.

Now this seems fine because the push button mechanism doesn’t have any remote security problems, however any visitor to your home only needs to press the physical WPS button on your router and they have access to your Wi-Fi network.

They don’t even need to know your (hopefully) secure password.

PIN

The most problematic and vulnerable part of WPS is the router PIN.

If you want to connect to your router, then you can do so by entering your routers hardcoded WPS password (or “pin code”).

This PIN is set-in-stone and can’t be changed but it appears on the bottom of almost every WPS capable router.

Again, it only takes a visitor to your home to take a picture of this PIN code and they have access to your Wi-Fi network.

But that isn’t the only issue.

The main issue is that Wi-Fi clients can guess the PIN code over and over and over again, until they get it right.

This is an 8-digit code, which seems uncrackable, because there are 100 million possible codes.

However there are some major flaws here.

First of all the last digit is a checksum digit, so now we only have 7 digits.

Moreover, these 7 digits are not validated in one go.

Instead, the Wi-Fi client sends the first 4 digits over to the router to be validated, then it offers the last 3 digits for validation.

Given that four digits is 10,000 code possibilities and three digits are 1,000 code possibilities, you only have to guess 11,000 times, which won’t take a computer very long to do at all, hours at the most.

And to make matters worse, there is even software available (called Reaver) to help attackers brute force their way into your home network.

How else can WPS be compromised?

One final way, if the attacker is desperate enough, is that they can setup a Wi-Fi device to send WPS push button requests to your router every 20 to 30 seconds.

This will likely take months, but eventually one request will succeed.

How to Disable WPS

Now that we have established that WPS makes your Wi-Fi insecure, how do we go about disabling it?

Unfortunately, some routers out there don’t allow you to disable WPS.  There simply isn’t an option to do so in their web interfaces.

Other routers do allow you to disable WPS, but don’t give you much choice in terms of authentication methods and some routers will only allow you to disable PIN-based WPS authentication.

The best routers don’t support WPS at all, such as the new Mesh Routers (Amazon link), which are probably the most secure.

However, if your router does enable you to disable WPS, I highly recommend you do so.

Usually you can find the option in your router’s web interface. 

If you have a BT Smart Hub like I do, then you can turn off WPS in the Advanced wireless settings:

Disable WPS Wireless Router

Wrapping up

In this article, we’ve explored what WPS means, what it stands for and what problem it was designed to solve.

We’ve also looked at the different ways that you can connect devices to your router using WPS.

Finally, we’ve discussed WPS security and why you should disable it as soon as possible on your home router.