If you really want your network to be both wireless-accessible and secure, you need to use [Open]VPN ... with digital certificates.
This way, if someone else in the coffee shop breaks the WPA encryption on what you're sending, Eve only sees a strongly-encrypted data stream underneath.
With certificates (and TLS-protection, in OpenVPN ...), there is no "password a.k.a. pre-shared key (PSK)" to break ... period. There are only one-of-a-kind digital keys, thousands of bits long, which on your computer should be further protected by being encrypted. Each and every certificate is unique, and can be individually (and, instantly ...) revoked without affecting any of the others.
WPA, et al, is merely designed to make it "moderately difficult" to listen-in on a wireless conversation. It is not, nor was it intended to be, "strong" security.
Last edited by sundialsvcs; 04-24-2016 at 08:09 AM.
|