Storing Wi-Fi passwords on linux

Questions
1

On linux, passwords are usually stored system-wide, unencrypted for all users to access. There’s the option (at least on NetworkManager) to store them user-side using any secret service (KWallet, gnome-keyring, KeePassXC). The problem with this, at least with KeePassXC, is that I have to unlock the vault every time to connect to wifi, and it gets pretty annoying. I know there’s always the security over convenience but wondering if its really necessary, or I’m possibly doing it wrong.

Advice is appreciated

1 Like
2

Try full-disk encryption but not encrypting the wifi passwords separately in a password manager :slightly_smiling_face:

2 Likes
3

I already use FDE, you’re probably right

after considering some other things it’s actually just fine, unless theres things like username/password networks that another user of the device that should be using their own login

1 Like
4

I honestly do not store that password into any PW manager.
I mean, I’m also most of the time just wired. :grinning_face_with_smiling_eyes:

But I’d recommend not pushing the boundaries so that everything in your life needs to go through a manager, there are quite a lot of diminishing returns for every day things.
It is quite unlikely that somebody comes next to your door and brute-forces into your WiFi.

And I mean, if they do: having yours stored in a manager doesn’t really make it anyhow secure.
Consider using a big key for some WPA3 Personal and rotating it every few months (weeks?) if really concerned.
Otherwise, you can give WPA3 Enterprise a try but that will induce the need for a RADIUS server, you’ll see which one fits your use case. :+1:t2:

Otherwise: wire yourself up. :heart:

3 Likes
5

On Qubes OS, sys-net, among other system qubes, can be configured to be disposable, which means credentials are not stored upon reboot:

I take advantage of this feature to completely muscle-memorize any frequently used Wi-Fi password.

6

Thanks, but it gets to a point

1 Like
7

It appears your response is malformed.

8

It means there’s a certain limit I’m willing to go for security. Qubes is not for my threat level

1 Like
9

Okay, I understand. How about the concept of muscle-memorizing the most frequently used Wi-Fi credentials?

10

I do but for places that need user/pass combinations I would rather not

1 Like
12
  • Use WPA3 Personal and rotate your wifi password every months.

Why should you rotate your Wi-Fi password monthly?
Use WPA3 and a strong password like “bP52*E!Z%L6iu7mM” and only change it if it is compromised.

  • Memorize your wifi password don’t use password manager.

Also why? There is no need for memorizing a wifi password besides making it less secure.

  • It’s better to keep wifi password as persistent in linux for convenience.

Then why not a password manager? If you keep it in linux it is like a passord manager.

1 Like
13

I thought we retired the idea of changing passwords on a schedule. Most people would get lazy and make them easier, and you just end up cheating yourself. If you’re not one of those people, good for you but my point still stands

4 Likes