Wireless Network Security Key Is Not Correct
Ortiz Ullery
Printed an info page which says the printer might not be connected to Instant Ink anymore and will be unable to print soon. I put in wireless security key number but it keeps telling me it's a mismatch number but I'm putting the correct key number in. I haven't changed computer, printer, router etc so why is this happening?
Thank you. I printed out a network configuration page as you suggested and used the WiFi direct password that was printed on the sheet (not one I've used before), Once I'd input that number it accepted it as the correct password and everything now sorted, (I hope!!!)
I have another 2015 MacBook Pro and an iPhone that can connect to my home Wi-Fi with no problems. So, it seems issue seems to be particular to this device (the 2017 MacBook Pro) in combination with my home network. This device has no problems connecting to other Wi-Fi networks (it works successfully at my office, at the airport, other homes, etc.)
If you disconnect you hub or another device that macOS detects like a network port, the WiFi works fine, but to remain connected with the hub or some device, go to System Preferences/Network and set inactive the devices that show this window (USB, Hub, Thunderbolt, etc.), and with this now my WiFi works fine.
If that doesn't work, please try changing the SSID on your Wi-Fi modem/router, being certain that the SSID is unique. While you're at it, upgrade to 10.14.4 since there were a few, seemingly unrelated, Wi-Fi issues corrected.
I have a BT Homehub router so the settings (in "advanced" tab) allowed me to 'separate' the 2.4GHz and 5GHz channel settings which resulted in 2 SSIDs being visible on the network. The 5GHz channel was recognisable from the addition of -5 being added to my original SSID. I connected to the 5GHz channel without any problem.
I had tried changing WPA2 to WPA2/WPA mode and from AES to TKIP encryption, forgot network in Mac Wifi settings, but nothing was helping. Then by chance I had found a similar post about WMM and the key was to set Enable WMM No-Acknowledgement to Disable and everything started to work like a charm.
This is what worked for me: My router allows both 5G and 2.4G WLAN interfaces. It seems you are supposed to only set one of them with full WPA2 encryption, so you end up with 2 options:
In wireless security, passwords are only half the battle. Choosing the proper level of encryption is just as vital, and the right choice determines whether your wireless LAN is a house of straw or a resilient fortress.
Complexity is the new normal in wireless networks. From IoT to personal devices to hybrid cloud environments, IT professionals have their hands full just keeping track of everything on the wireless network -- never mind securing it all.
Wireless only gets more complicated from there. IT pros contend with other factors, including cloud-managed wireless LAN architecture, IoT devices without display interfaces and end-user populations who chafe at new security measures that potentially interfere with their internet connections.
Enter wireless network security -- a set of practices and tools used to protect WLAN infrastructure and the traffic that traverses it. Broadly speaking, wireless security articulates which endpoints are and aren't permitted on a Wi-Fi network through network access and security policies. Technology enforces those rules and protects the network from anyone, or anything, that attempts to breach it.
Wired network security protects traffic that travels between devices like switches, routers and anything using an Ethernet cable. In contrast, wireless security primarily concerns itself with traffic that travels over the air between wireless devices. These include wireless access points (APs) communicating with a controller device (or, on a mesh network, with each other), as well as communications between APs and endpoints connected to the Wi-Fi network.
Encryption is one of the most important tools used to create a secure network, including -- and perhaps especially -- in a wireless LAN. It works by using formulas known as algorithms to scramble messages as they travel between wireless devices. Even if intercepted, these messages are incomprehensible to unauthorized users without a decryption key.
Just as an unlocked building represents an open invitation to burglars, an unsecured network is at high risk of being compromised by internal or external threat actors seeking to steal data, eavesdrop or perform other malicious activities. In some ways, the stakes are even higher on a wireless network, as anyone within range can intercept the radio waves that carry Wi-Fi traffic -- no direct access to hardware required.
To further illustrate the threat, imagine being in a crowded restaurant and hearing another diner conduct a call with their bank on speakerphone. They loudly share all kinds of sensitive information -- their credit card numbers, Social Security number, name, date of birth and so forth -- within earshot of everyone else in the restaurant. Anyone could take that information and commit every flavor of fraud and identity theft. Essentially, that's what an unsecured, or even insufficiently secured, wireless network looks like to would-be attackers.
In addition to the risk of snooping and data breaches, threat actors can use unsecured wireless networks as a point of vulnerability to gain access to the broader enterprise network. Encryption doesn't necessarily solve this problem, but it's reasonable to expect that attackers who see a WLAN with outdated encryption protocols in place will begin poking around for other weak spots in the wireless network.
When choosing from among WEP, WPA, WPA2 and WPA3 wireless security protocols, experts agree WPA3 is best for Wi-Fi security. As the most up-to-date wireless encryption protocol, WPA3 is the most secure choice. Some wireless APs do not support WPA3, however. In that case, the next best option is WPA2, which is widely deployed in the enterprise space today.
At this point, no one should use the original wireless security protocol, WEP, or even its immediate successor, WPA, as both are outdated and make wireless networks extremely vulnerable to outside threats. Network administrators should replace any wireless AP or router that supports WEP or WPA with a newer device that's compatible with WPA2 or WPA3.
Wi-Fi Alliance developed WEP -- the first encryption algorithm for the 802.11 standard -- with one main goal: prevent hackers from snooping on wireless data as it is transmitted between clients and APs. From its inception in the late 1990s, however, WEP lacked the strength necessary to accomplish this aim.
WEP uses the RC4 (Rivest Cipher 4) stream cipher for authentication and encryption. The standard originally specified a 40-bit, preshared encryption key. A 104-bit key later became available after the U.S. government lifted certain federal restrictions.
An administrator must manually enter and update the key, which combines with a 24-bit initialization vector (IV) in an effort to strengthen encryption. The small size of the IV increases the likelihood that users will recycle keys, however, making them easier to crack. This characteristic, along with several other security flaws and vulnerabilities -- including problematic authentication mechanisms -- makes WEP a risky choice for wireless security.
Cybersecurity experts identified several severe flaws in WEP in 2001, eventually leading to industrywide recommendations to phase out the use of WEP in both enterprise and consumer devices. After investigators traced a large-scale cyber attack against T.J.Maxx in 2007 back to vulnerabilities exposed by WEP, the Payment Card Industry Data Security Standard prohibited retailers and other entities that process credit card data from using WEP.
The numerous flaws in WEP revealed the immediate need for an alternative. But the deliberately slow and careful processes required to write a new security specification conflicted with the urgency of the situation. In response, Wi-Fi Alliance released WPA as an interim standard in 2003, while IEEE worked to develop a more advanced, long-term replacement for WEP.
WPA has discrete modes for enterprise users and for personal use. The enterprise mode, WPA-Extensible Authentication Protocol (WPA-EAP), uses more stringent 802.1x authentication and requires the use of an authentication server. The personal mode, WPA-Pre-Shared Key (WPA-PSK), uses preshared keys for simpler implementation and management among consumers and small offices.
Although WPA is also based on RC4, it introduced several enhancements to encryption -- namely, the use of the Temporal Key Integrity Protocol (TKIP). TKIP contained a set of the following functions to improve WLAN security:
Wi-Fi Alliance designed WPA to be backward-compatible with WEP to encourage quick, easy adoption. Network security professionals were able to support the new standard on many WEP-based devices with a simple firmware update. This framework, however, also meant the security WPA provided was not as comprehensive as it could have been.
Developed by the U.S. government to protect classified data, AES comprises three symmetric block ciphers. Each cipher encrypts and decrypts data in blocks of 128 bits using 128-, 192- and 256-bit keys. Although the use of AES requires more computing power from APs and clients, ongoing improvements in computer and network hardware have mitigated performance concerns.
WPA2 also introduced more seamless roaming, enabling clients to move from one AP to another on the same Wi-Fi network without having to reauthenticate, using Pairwise Master Key (PMK) caching or pre-authentication.
In 2017, Belgian security researcher Mathy Vanhoef discovered a major security flaw in WPA2, known as the key reinstallation attack (KRACK) vulnerability, which exploits the reinstallation of wireless encryption keys. While WPA2-Enterprise has a stronger authentication scheme due to its use of EAP -- compared to WPA2-Personal, which uses preshared keys -- the KRACK vulnerability exists at the encryption stage. As a result, it affects all WPA2 implementations.
c80f0f1006