Why Windows 10 Says Your Wi-Fi Network “Isn’t Secure”
Windows 10 now warns you that a Wi-Fi network “isn’t secure” when it’s using “an older security standard that’s being phased out.” Windows 10 is warning you about WEP and TKIP. Here’s what that message means and how to fix it.
Starting with the May 2019 update, Windows may show you a message stating your network isn’t secure, even if you know you use a password. If you see this message, then you’re likely using either Wired Equivalent Privacy (WEP) or Temporal Key Integrity Protocol (TKIP) encryption. These encryptions aren’t safe to use, and you should switch to a newer protocol or replace your router as soon as possible.
Why Windows 10 Is Warning You
You probably know you should password protect your Wi-Fi network. Whether it’s to keep the neighbors or roaming bad actors out of your system, it’s just best practice to secure your wireless network. But, when you add a password to your Wi-Fi router, you aren’t just keeping people off your network. The security protocol encrypts your data to prevent anyone in the area from listening in on what you’re doing.
Several methods of encrypting your Wi-Fi exist: WEP, WPA, and WPA2. WPA3 is on the way, too. WEP is the oldest and least secure at this point. Look at this way; the Wi-Fi Alliance ratified WEP in 1999, which makes the standard older than Windows XP, YouTube, and the original iPod. WPA-TKIP was endorsed back in 2002.
That’s why Windows warns you about these networks with the following warning:
[Network Name] isn’t secure
This Wi-Fi network uses an older security standard that’s being phased out. We recommend connecting to a different network.
Why WEP and TKIP Are Dangerous
Unfortunately, despite (or because of) its age, WEP and WPA-TKIP are still fairly widespread. We found WEP was still in use on a relative’s ISP-provided router. We didn’t have to change anything, or enable WEP; they were already using it. WEP is a notoriously lousy encryption option. It has been from the beginning, and it never got much better.
When the encryption protocol first released, most devices restricted WEP to 64-bit encryption due to U.S. regulations. That improved, but as you can see above the router, we tried still used 64-bit encryption. WPA, by comparison, uses 256-bit encryption. Worse yet, several flaws in the protocol were found over time, making the encryption easier to break. In 2005, the FBI demonstrated its ability to crack WEP encryption in mere minutes.
The Wi-Fi alliance intended to replace WEP with WPA-TKIP, but unfortunately, the newer protocol uses many of the same mechanisms. Due to that choice, the two protocols also share many of the same vulnerabilities. A method to break through one typically works equally well with the other. Thus, TKIP is no safer to use than WEP.
Knowing all that, Microsoft wants to warn you if you’re using WEP or TKIP so you can fix the problem. Doing so now is especially important because eventually, Microsoft plans to phase out or “deprecate” support for the protocols. When that happens, the latest versions of Windows 10 won’t be able to connect to these networks.
How to Fix This Error on Your Wi-FI
If you see this message when connecting to a public Wi-Fi network, you can’t fix it. The owner of the router needs to fix it. That’s why Windows recommends connecting to a different network.
If you see this message when connecting to your Wi-Fi network, you should enable stronger Wi-Fi encryption. If your router is relatively new, it will have other options like WPA2 with AES, and you should switch to these. Unfortunately, nearly every router’s administration page is different, so giving directions for making that change is difficult. You may want to look up instructions for configuring your specific model of router or consult its manual.
You’ll want to find your router’s IP and enter it in your browser. Then look for your Wi-Fi security settings. Keep an eye out for sections about WEP or passwords. If you’re wondering what to select, our recommendation is to pick WPA2 + AES first if it’s available and failing that choose WPA + AES.
The wording in your router’s dialog may be slightly different, but all those letters should be there. WPA2+AES might look like “WPA2-PSK (AES)” for instance. You’ll need to update the password on all your devices (even if you use the same password as before) after you make the change.
Update Your Router If You Can’t Boost Encryption
If you don’t see any options better than WEP or TKIP you should replace your router as soon as possible. If you’re using an ISP-provided router, you could contact them to see if they’ll offer a newer model.
But a better option might be to buy one and return the old router to your ISP. They may be charging you a monthly fee to have it and depending on how long you have had the router you could have paid for it several times over already.
You don’t have to spend a lot of money on a router. If you have a medium sized house with a moderate (20 or less) number of Wi-Fi devices, TP-Link’s AC1750 is relatively inexpensive at $56.99 and easy to set up. You can even control it from an app if you’d like.
Regardless of how you stop using WEP or TKIP, the sooner you take care of the problem, the better. Not only are you in a vulnerable position by relying on outdated security protocol, eventually your Windows devices will stop connecting altogether. It’s better to avoid that scenario and protect your network now.