Back in 2009, I was ranting about hotel passwords and the lack of any serious consideration most gave to their wifi access,
Hotel internet access passwords — Here’s a case for Captain Obvious and Well Hallelujah! Big Brother has finally acted!
Well here I am in 2015 writing again on the subject. As you can guess, I’ve used plenty of motels and hotels in the intervening almost six years. As you can guess again, I’ve pretty much given up on my rant since then. And, as you can guess yet again, I’m currently sitting in a motel, using their WiFi.
And can you guess what comes next?
Well, when I checked in, they asked me “Would you like WiFi access?” which tipped me off to ask about whether or not the passwords are auto-generated each time someone checks in. Of course the poor lady was bewildered by the question, to which I responded, “Don’t worry, I’ll have the answer to my question when you hand me that ticket.” And whaddya know, it had a wifi access code that was obviously created on the spot after she’d clicked once or twice on her keyboard and looked at the screen before writing on the ticket. Not too too strong at only five alphanumeric characters, but it wasn’t a dictionary word. The sign in page said that the code was case-insensitive. My untrained eyes would guess it would only come up in a brute force attack, if someone were willing to try all 60,466,176 possible combinations, assuming it’s just the 26 letters in the alphabet and the 10 digits, with no special characters, and they only give out codes five alphanumeric units in length. Of course this ignores the fact that only the “currently active” codes are, well, active, that the system probably has some kind of maximum tries per period of time per mac address, and the like.
Of course, it would probably be cheaper and easier to rent a room, but then I don’t really know how easy or difficult
Of course this story’s postcript is that when I entered the code, it didn’t work — so I called to the front desk to report this and ask for a new one. Whaddya know, Big Brother not only has finally acted, he keeps records — the nice lady asked “Is it such and such?” I answered “not quite, here’s what’s written.” Turns out, the handwritten part of the code that said “U1” sure looked like a “W”.
Hallelujah, indeed.