
Recovering and Securing Your Wi-Fi Encryption Keys



Article Description

Have you forgotten the WEP or WPA key or passphrase for your Wi-Fi? Eric Geier, author of Wi-Fi Hotspots: Setting Up Public Wireless Internet Access, helps you to get connected. Discover how to recover or reset and secure your network password.

Trying to connect to the Wi-Fi network, but you've forgotten your network key or password? Don't worry, you can get around this problem in several ways:

  • Look for a WPS button or PIN that can automatically configure the security settings for you.
  • Recover the key from another computer that can still connect to the wireless network.
  • Reset your wireless router to the original factory settings.

I'll discuss all of these methods in this article. Let's get started!

Use the WPS Button or PIN

If your wireless router supports Wi-Fi Protected Setup (WPS), you might not have to find your encryption key in order to connect. The process is similar to programming a garage door's remote control. Start by looking on the router itself for a WPS or security button, or a WPS personal identification number (PIN) printed on a label. (If your router doesn't have this button or PIN, skip to the next technique.)

For this method to work, the computer or device that you want to connect must also support WPS. Windows 7 supports WPS. If you're using another Windows version or another type of device, browse its wireless settings to see whether WPS is supported. If you've installed the vendor's branded wireless connection manager in Windows, it might support WPS.

If both the router and your device support WPS, you're ready to give this method a try. If the router has a button, press it, and then try to connect to the wireless network. If your router has a PIN instead of a button, try connecting to the network; you should be prompted to enter the PIN. In either case, the router should transfer the network key and configure the device for you.

Recover Your Key with WirelessKeyView

If you have at least one Windows PC that can connect to the Wi-Fi, you can retrieve the stored key. You can't simply open your wireless network profile to view the key, since Windows encrypts these keys. However, you can use a third-party tool such as WirelessKeyView to recover and decrypt the key for you.

To get started using WirelessKeyView, visit the site and download the WirelessKeyView program. Extract the files or run the WirelessKeyView.exe program directly from the compressed folder. It should quickly scan for and display all the network keys saved to Windows. Copy the hex-formatted key and try to connect.

When All Else Fails, Restore the Default Settings

If your gear doesn't support WPS and you can't get even one computer online, you might have to resort to starting over. You can restore your router to its original settings, just as it was when you took it out of the box. However, you'll have to reconfigure all of your custom settings, such as the network name and security key.

Before trying this method, get out your installation guide and any installation CDs that came with the equipment. If you can't find them, you can probably download the installation details from the support section of the equipment vendor's website.

When you're ready, find the small reset button on the back of the router. Some reset buttons require you to insert a safety pin; others you can press with any old pen tip. Press and hold this button for up to 20 seconds. After releasing the button, wait a minute or two for the router to reset itself and reboot. Then you should be able to connect with no problem to the default network name, which is usually the vendor's name. Be sure to reconfigure security (preferably WPA2) on the router and then on your computers.

Businesses: Replace Your Keys with Usernames and Passwords

If you're dealing with a network used by a business or organization, you actually shouldn't be using encryption keys or passphrases. Instead, you should be using the Enterprise mode of WPA or WPA2 encryption. In this mode, you connect to the wireless network by using usernames and passwords.

Since the actual network keys are securely managed in the background, this mode protects you from rogue employees and thieves. For example, if you're using the simple Personal or pre-shared key (PSK) mode of WPA or WPA2, the actual encryption key is stored on the computers and end-user devices. If the laptop or device is stolen or lost, the thief or finder of the equipment would have access to your network key. By contrast, if you're using Enterprise mode, you just have to cancel a user's account or change the password to prevent that former employee from accessing your network. That approach is much easier than changing the encryption key on all your computers!
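The Personal-versus-Enterprise difference described above shows up in the wireless profiles a Windows machine saves. The following is an added example, not code from the original article: it parses profile XML in the layout written by `netsh wlan export profile` and reports, per network, which mode it uses and whether a shared key is stored on the device. The sample profiles and the `make_profile` and `audit` names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def make_profile(name, auth, enc, onex, key_type=None):
    """Build a constructed sample in the layout `netsh wlan export profile` writes."""
    key = ""
    if key_type:  # keyMaterial is a placeholder, not a real key
        key = (f"<sharedKey><keyType>{key_type}</keyType><protected>true</protected>"
               "<keyMaterial>PLACEHOLDER</keyMaterial></sharedKey>")
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{name}</name><MSM><security>'
            f"<authEncryption><authentication>{auth}</authentication>"
            f"<encryption>{enc}</encryption><useOneX>{onex}</useOneX>"
            f"</authEncryption>{key}</security></MSM></WLANProfile>")

SAMPLES = [  # constructed, not taken from any real network
    make_profile("HomeNet", "WPA2PSK", "AES", "false", "passPhrase"),
    make_profile("OldPrinter", "open", "WEP", "false", "networkKey"),
    make_profile("CorpNet", "WPA2", "AES", "true"),
]

def audit(xml_text):
    """Classify one profile and say whether a shared key is stored with it."""
    root = ET.fromstring(xml_text)

    def text(path):
        return root.findtext(path, default="", namespaces=NS).strip()

    auth = text(".//w:authEncryption/w:authentication")
    enc = text(".//w:authEncryption/w:encryption")
    onex = text(".//w:authEncryption/w:useOneX").lower() == "true"
    stored = root.find(".//w:sharedKey", NS) is not None
    if onex or auth in ("WPA", "WPA2"):
        mode = "enterprise"      # 802.1X: per-user credentials, no shared key
    elif auth in ("WPAPSK", "WPA2PSK"):
        mode = "personal"        # one pre-shared key for every device
    elif enc == "WEP":
        mode = "wep"
    else:
        mode = "open"
    findings = []
    if stored:
        findings.append("shared key stored on this device; change it if the device is lost")
    if auth not in ("WPA2", "WPA2PSK"):
        findings.append("not WPA2; reconfigure the router for WPA2")
    return {"name": text("w:name"), "mode": mode,
            "key_on_device": stored, "findings": findings}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```
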

One problem you might run into when using Enterprise mode is that it requires an external server, called a RADIUS AAA server, for performing the 802.1X authentication. Setting up your own server can take a lot of time and money, so you may want to consider a hosted service such as AuthenticateMyWiFi.

Save Your Key!

Now that you finally have your encryption key or passphrase, remember it! If you're working with a home network, consider saving your key or passphrase in a text file or word-processing document and placing it in your personal files. You might even place it in the Documents folder on every computer. Another great idea is to write your key or passphrase on a small piece of paper and tape it to the bottom of your router. That way, you always know where it is.