Simple questions: What is WPS (Wi-Fi Protected Setup) and how does it work?

If you have configured a wireless router on your own, you have encountered the term WPS in its configuration menus, or you have seen a button marked WPS alongside all the ethernet ports on the router's back. Do you know what WPS is? What does it stand for and how it works? Which devices and operating systems provide support for WPS? Learn the answers to these questions and more, from this tutorial:

What is the meaning of WPS (Wi-Fi Protected Setup)?

WPS stands for Wi-Fi Protected Setup. It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols. WPS doesn't work on wireless networks that are using the deprecated WEP security, which can be cracked easily by any hacker with a basic set of tools and skills.

In a standard setup, you can't connect a wireless device to a wireless network unless you know the network name (also named SSID) and its password (also called WPA-PSK key). Let’s assume that you want to connect a device, like your smartphone, to your wireless network. On your device, you must first pick the network that you want to connect to and then enter its security password. Without performing both steps, you cannot connect to the WiFi network.

This is where the WPS comes in to simplify the connection process. Read on to learn how.

What can WPS do?

WPS can sometimes simplify the connection process. Here’s how WPS connections can be performed:

  1. First, press the WPS button on your router to turn on the discovery of new devices. Then, go to your device and select the network you want to connect to. The device is automatically connected to the wireless network without entering the network password.
  2. You may have devices like wireless printers or range extenders with their own WPS button that you can use for making quick connections. Connect them to your wireless network by pressing the WPS button on the router and then on those devices. You don't have to input any data during this process. WPS automatically sends the network password, and these devices remember it for future use. They will be able to connect to the same network in the future without you having to use the WPS button again.
  3. A third method involves the use of an eight-digit PIN. All routers with WPS enabled have a PIN code that's automatically generated, and it cannot be changed by users. You can find this PIN on the WPS configuration page on your router. Some devices without a WPS button but with WPS support will ask for that PIN. If you enter it, they authenticate themselves and connect to the wireless network.
  4. A fourth and last method also involves using an eight-digit PIN. Some devices without a WPS button but with WPS support will generate a client PIN. You can then enter this PIN in your router's wireless configuration panels, and the router will use it to add that device to the network.

While the first two methods are rapid, the last two do not provide any benefits regarding the time it takes to connect devices to your wireless network. You have to type that eight-digit PIN and typing the wireless network password is just as slow. The fourth method of connecting to a wireless network is even slower because you have to access the router's wireless configuration section and type the PIN provided by the client device. If you want to know how a WPS PIN looks, here’s one generated by a TP-Link Archer C1200 router.

While on your router things will look different, the process for connecting devices through a WPS PIN works the same.

Where do I find WPS on my router?

Since wireless routers are the ones that manage wireless connections through WPS, they are the most popular type of devices providing support for this network security standard. Almost all modern routers have WPS support. On many routers, WPS is enabled by default. Manually enabling WPS is done either through the firmware of your router, and its administration user interface, or using a WPS button.

On most routers, the WPS button is on the back of the router, alongside the Ethernet ports. Press it once, and WPS is enabled and working. You can then connect your wireless devices through WPS. In the picture below, you can see how this button looks on an ASUS router.

On other routers, the WPS button is shared with other features. For example, on the TP-Link router below, there’s one button for both WPS and turning WiFi on and off. A short press on this button turns the WiFi on or off. A long press on the same button, three seconds, enables or disables WPS.

Other wireless routers, like the ones made by Linksys, have the WPS button on their back, but with no text to label it as such. Instead, they use the WPS symbol highlighted below.

Other routers have the WPS button on the front or one of their sides. You should consult your router’s manual and see where the WPS button is placed and how it looks.

Which other devices work with WPS?

You can find WPS support on lots of networking equipment. For example, modern wireless printers may have a WPS button for establishing quick connections. Range extenders or repeaters can be connected to your wireless network through WPS. Laptops, tablets, smartphones, and 2-in-1 devices of all kinds have support for WPS, with the help of the operating system.

Which operating systems provide support for WPS and which don't?

WPS adoption is not that high when it comes to operating systems providing native support for it. Fortunately, the most important operating systems on the market (Windows and Android) work with WPS:

The list of operating systems which do not have native support for WPS includes Apple's OS X and iOS operating systems.

The problem with WPS: The PIN is insecure and easy to hack

The WPS standard mandates the use of a PIN on your router. Even if you never use that PIN, the wireless router will generate it. As revealed by security researcher Stefan Viehböck, the WPS PIN is highly vulnerable to brute force attacks.

What Stefan Viehböck has learned is that the eight-digit PIN is stored by routers in two blocks of four digits each. The router checks the first four digits separately from the last four digits. A hacker can brute-force the first block of four digits and move on to the second block. A smart hacker with the right tools can brute-force the pin in as little as 4 to 10 hours. Most hackers should pull this off in about a day. Once this PIN is brute forced, they can connect to your wireless network and find your security key, even though it is complex and protected with proper encryption, thus getting complete access to your network.

Other security researchers have revealed different programming and design flaws that make WPS rather insecure. You can read what they have to say, here: We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Who invented the WPS and when?

WPS was designed by the Wi-Fi Alliance and introduced to the market in 2006, with the goal of allowing home users who don't want to fiddle with long wireless network passwords and security settings to quickly connect new wireless devices to their networks.

Wi-Fi Alliance is a global non-profit association that promotes Wi-Fi technology and certifies Wi-Fi products. It has more than 600 members, and it includes many famous companies including Microsoft, Apple, Samsung, Intel, Broadcom, and others. All the relevant providers of networking equipment are also part of this organization.

Among other things, this organization owns the Wi-Fi trademark. When you see a device with the Wi-Fi logo on it, it means that it has been certified by the Wi-Fi Alliance.

 

Conclusion

As you can see from this article, WPS is a rather troubled wireless network security standard. While it can make your life easier, it is also vulnerable to attacks, and it may be hard to use with some devices. Before you close this article, let us know if you have used WPS to connect your devices to the wireless network. How well did it work for you? Did you choose to turn it off because of its security vulnerabilities?