Wi-Fi SSID: To Hide or Not to Hide?

If you read just about any article about Wi-Fi security the question of hiding/not hiding your Wi-Fi SSID (Service Set Identifier) will almost inevitably come up.  The SSID is the Wi-Fi router’s “name”, and it is what you click on when you wish to connect to that network.  Most of these articles will say that hiding your SSID is counterproductive as it will make you more interesting to a hacker.  In full fairness, this also includes my own writing.  In both the Windows 7 and iOS editions of Your Ultimate Security Guide I recommended NOT hiding your SSID.  I had some reasoning for recommending this: in my estimation it amounts to profile elevation.  Like sending a Do Not Track request to a website, a hidden SSID makes you more distinctive than everyone around you.

But does hiding your Wi-Fi SSID alone really make you a more attractive target?  To quote the inimitable Ulysses Everett McGill of O’ Brother Where Art Thou?, “it’s a fool who looks for logic in the chambers of the human heart.”  To unequivocally say that an attacker will target you just because your SSID is hidden may not be tell the whole story, or may simply be dead wrong.  Criminals are not known for following the same set of mental processes that guide the actions of the average, law-abiding individual.  Sure, it may make you the more interesting target because you may seem like the more challenging target.  But just as equally, it may not.  The hacker may be looking for soft, langorous targets.  Or perhaps he or she is after a specific target that is not you.

I think the reason this is constantly brought up is that SSID hiding has been placed in the “security” category of features for Wi-Fi networks.  I contend that this is not a security feature at all.  Choosing not to broadcast your SSID is, in my opinion, merely a choice about how “noisy” you want your network to be.  While hiding your SSID cannot protect you from Anonymous, it do a few things.  It can prevent your neighbors from seeing  your network, and prevent kids in the waiting room at your practice from connecting to it.  Again, it will absolutely not prevent a determined adversary from finding your network.  There are various tools including inSSIDer and Kismet that will find these networks with ease.

My bottom line is this:

  1.  Hiding your Wi-Fi SSID network is a personal preference that is essentially neutral as a security measure.  It doesn’t necessarily make you less secure or a more attractive target, though it might based on factors that we can’t begin to model (i.e. human unpredictability).
  2.  Hiding your SSID for security reasons is ineffective and an example of security-through-obscurity.  If you are hiding your SSID as a security measure you should reconsider.

There are meaningful security measures you can take for your Wi-Fi network.  The best and strongest of these is to ensure that your signal is encrypted with WPA2.  The WPA2 protocol is actually very good (do not use WEP or WPA).  It offers much, much more protectiong than silencing your Wi-Fi SSID.  Another meaningful measure is to use a virtual private network; this will protect your traffic regardless of the security of your Wi-Fi.  It will also protect it at a much deeper level, and provide you with a bunch of other benefits.  We will delve much more deeply into Wi-Fi security in the upcoming Thirty-Day Security Challenge, so stay with me!

Leave a Reply