How to disable qr-code sharing in wifi wpa2 connection?
I am trying to un-select & save the "qr-code" option in:
Advance->Wireless->Wireless Settings->2.4GHZ OR 5GHZ ->Sharing Network.....but it gets automatically selected again after logout or exploring other settings??
FYR:
1) WPS function is disabled.
2) Version: WPA2-PSK
3) Encryption: AES
4) Mode: 802.11bgn mixed.
This is causing lot of trouble even after enabling mac-filtering as someone spoofs the whitelisted MAC and scans qr-code from another member's phone.
Please help I do not want to implement Radius and related settings for my SOHO..
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hmmm, I mentioned using WEP because:I watched some YouTube videos recommending it......but never tried it, as WEP is certainly a big no as far as security is concerned.
Anyway, the best thing that I have done (in regard to the options available on my router) is:
1) Hide main SSIDs for both 2.4 & 5 GHZ networks.
2) Rename guest SSID as main SSIDs (enabling both 2.4 & 5 GHZ)....thereby making others believe that its the main SSID.
3) Divided MACs of all employees into 2 category: faithful and rogue.....all faithfuls join main hidden SSID & others join as guests with settings:
a) Guests cannot see each other &
b) guest cannot access main network.
Keep on changing guest SSiD passwords daily (that's 2-3 employees changing password daily on their phone).
4) Enabled MAC filtering
Not permanent solution but that the best I could do.
Regarding your views about admin account ...well that's true but we have rigorous policies based upon both Microsoft Baseline & US DOD and we never allow any ADMIN logins.
Further I guess RADIUS inbuilt in the router OS plus implementing WPA2-ENTERPRISE is the only perfect solution OR providing phones to the employees with some ANDROID APP to disable qr-code in them.
- Copy Link
- Report Inappropriate Content
Hi,
The QR code available for scanning on the phone is being generated independently by the phone itself. This feature doesn't depend on the Wi-Fi router. Even if the Archer A7 didn't have its own QR code generator (i.e. "Sharing Network" feature) it would still be the same.
So, if your friends leave their smartphones lying around unattended with the screen unlocked, then there is nothing stopping another person to look up the Wi-Fi password (or scan the QR code) and also the MAC address from one of those smartphones.
- Copy Link
- Report Inappropriate Content
Are you pretty sure that the sharing feature is phone dependent? I have seen some Youtube videos regarding this matter ....but they are suggesting to use WEP encryption ..then android phones will not display qr-code sharing option...which is sort of patching 1 problem but creating another loophole.
Yeah the situation about unlocked phones lying around is true but there can be different SOHO scenarios ...for example a fired employee taking help from an insider etc.
The irony is we cannot disallow phones and other gadgets in the office.
- Copy Link
- Report Inappropriate Content
Ok. Your comment made me wondering about that WEP encryption.
So I searched through my collection of routers until I finally found one that is old enough to still support WEP and set it up accordingly.
Then I connected my smartphone (Android 13) to the router's Wi-Fi. With screen lock disabled it revealed the Wi-Fi password right away after tapping on "Share" and also showed a QR code (see the screenshots below). With screen lock enabled the phone will actually request the user to authenticate themself before revealing the password and QR code.
But anyway, the behavior with this particular phone is no different than if the Wi-Fi security was WPA, WPA2 or WPA3.
And even if some phones don't generate a QR code, the Wi-Fi name and Wi-Fi password is all a person needs to connect to the Wi-Fi. A computer running Windows 10 that is logged in with the administrator account and currently connected to the Wi-Fi network will also reveal the Wi-Fi password with just a few clicks.
- Copy Link
- Report Inappropriate Content
Hmmm, I mentioned using WEP because:I watched some YouTube videos recommending it......but never tried it, as WEP is certainly a big no as far as security is concerned.
Anyway, the best thing that I have done (in regard to the options available on my router) is:
1) Hide main SSIDs for both 2.4 & 5 GHZ networks.
2) Rename guest SSID as main SSIDs (enabling both 2.4 & 5 GHZ)....thereby making others believe that its the main SSID.
3) Divided MACs of all employees into 2 category: faithful and rogue.....all faithfuls join main hidden SSID & others join as guests with settings:
a) Guests cannot see each other &
b) guest cannot access main network.
Keep on changing guest SSiD passwords daily (that's 2-3 employees changing password daily on their phone).
4) Enabled MAC filtering
Not permanent solution but that the best I could do.
Regarding your views about admin account ...well that's true but we have rigorous policies based upon both Microsoft Baseline & US DOD and we never allow any ADMIN logins.
Further I guess RADIUS inbuilt in the router OS plus implementing WPA2-ENTERPRISE is the only perfect solution OR providing phones to the employees with some ANDROID APP to disable qr-code in them.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 96061
Replies: 4
Voters 0
No one has voted for it yet.