Windows 10 May Share Your Wi-Fi Password with Facebook
Windows 10's Wi-Fi Sense is meant to get your friends on your Wi-Fi network, but it's actually a dangerous over-sharer.
If you're taking up Microsoft on its offer of a free upgrade to Windows 10, you should know that the new operating system has a feature, called Wi-Fi Sense, that automatically shares your Wi-Fi passwords with others.
When Wi-Fi Sense is enabled, anyone you have in your Skype, Outlook or Hotmail contacts lists — and any of your Facebook friends — can be granted access to your Wi-Fi network as long as they're within range. Microsoft added this feature to save users time and hassle, but as independent security blogger Brian Krebs put it, some security experts see it as "a disaster waiting to happen."
MORE: Windows 10 vs. OS X El Capitan: Why Microsoft Wins
Krebs and others worry about the potential for strangers or untrustworthy friends being given access to users' home Wi-Fi networks. Microsoft has tried to reassure them by pointing out that you have to agree to enable Wi-Fi Sense every time you join a new network, that those people to whom you grant network access can't pass along that access to yet more people, and that the feature doesn't share an actual password, but rather an encrypted version of it.
Despite the safeguards, the issue is nonetheless dangerous for those users, and there are many of them, who agree to everything their computers ask of them. If they agree to share Wi-Fi Sense with their Facebook friends, then, yep, all of their Facebook friends will be given access to their networks. (We've already encountered this request from Windows 10, which didn't really explain what the feature entailed.)
Wi-Fi Sense makes sense if you're visiting a friend and don't want to enter a long string of random characters to get onto his or her network. But have you pruned your contacts lists down to just the people you trust? Are all of your Facebook friends really your friends? Probably not. Most people have many contacts or Facebook friends whom they barely know — would you really trust your Wi-Fi password with your second cousin's boyfriend or that guy in the neighborhood who once fixed your toilet?
The other problem is that Wi-Fi Sense lets you share access to more networks than just your own. You can share access to any network that you got onto the old-fashioned way — by typing in the password. Wi-Fi Sense doesn't distinguish between your home network, your office network or your grandmother's home network. If you typed in the password, they're all fair game.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
Personally, we're going to ask that people never enable Wi-Fi Share if they bring a Windows 10 laptop or tablet — or a handset running Windows Phone 8, which also has the feature — into our house. We keep our password, which is somewhat complicated, taped to our home router for anyone who needs it.
Once Wi-Fi Share-enablers have typed that password into their Windows 10 devices, all of their friends can access our home network if they're within range. Even though we trust our friends and family, we haven't spent time with all of their contacts and Facebook friends, and we have no idea whether they're trustworthy.
How to Stop Wi-Fi Sense Sharing
If you want to disable Wi-Fi Sense on your computer and wipe its memory, that's not difficult. Go to Settings, select Network & Internet and then click on Wi-Fi. Select Manage Wi-Fi Settings, scroll to the Wi-Fi Sense section, and turn off each and every feature.
But that won't stop people who already have access to your network from sharing that access with others. You could just change your network password, but as soon as you share that password with anyone else, the problem starts all over again.
Microsoft offers a permanent solution to this problem, but it's somewhat insane. You have to change your wireless network's name, or SSID, so that it ends with the characters "_optout". So if it's called "joe-network", it'll have to be adjusted to "joe-network_optout".
There's another way to avoid this: Buy a wireless router that allows the creation of a guest network that has Internet access, but no access to other devices on the network. Many high-end routers already have this feature. Set up a guest network with an easy password, or no password at all, and sleep easy.
Now, you'll never have to worry whether that guy named Bob you met at the holiday party at the office you worked at seven years ago can lurk on your network.
Having issues with Windows 10? Our sister site, Tom’s Hardware, has a team of staffers standing by in the forums to answer your questions 24/7.
- How to Password Protect a Folder in Windows 10
- Facebook Won't Back Down on Real-Name Policy
- Best Router - Get a Better Wi-Fi Signal at Home
Henry T. Casey is a staff writer at Tom’s Guide covering security and music. In his personal time, you can find him at local concerts or tinkering with his cold-brew coffee process. Follow him at @henrytcasey.
Henry is a managing editor at Tom’s Guide covering streaming media, laptops and all things Apple, reviewing devices and services for the past seven years. Prior to joining Tom's Guide, he reviewed software and hardware for TechRadar Pro, and interviewed artists for Patek Philippe International Magazine. He's also covered the wild world of professional wrestling for Cageside Seats, interviewing athletes and other industry veterans.