What happens if a neighbor has the same SSID?

[noil]

I renamed my SSID to "CoolWifiName" so that it's not the router's generic name, but what if a neighbor in my building uses that same name and uses it as their SSID? Since I wouldn't know which is which, and I mistakenly try to type in my wifi password on their's, would they have access to my password and be able to capture it?

 

[eibgrad]

The SSID is only the starting point, an arbitrary name. Unless both of you have the same wireless security setup (freq., type, and password, which is obviously unlikely), no one's getting into the other's network, whatever the SSID (name).

 

[noil]

But would they be able to "capture" or "see" the password I type when I accidentally click on the wrong one to log on to? Would that "wrong password" be saved somewhere on their system/router/log? That's what I'm trying to get an answer to.

 

[eibgrad]

Any system (wireless AP, website, ATM, etc.) based on simple username/password or PIN (what’s sometimes referred to as pre-shared key) is subject to impersonation (intentional or not) or MITM (Man In The Middle) attacks. That's not to say the other guy's router would make this easy by simply dumping this information to a log. After all, the manufacturer of the device doesn't want to have a reputation for making good equipment for hackers! In fact, that's why some are reluctant/ambivalent about letting ppl install third party firmware on their hardware. It creates the potential to develop rogue wireless APs designed for this purpose.

So yes, this is ALWAYS a potential threat. But that's a compromise made by vendors to keep things simple and convenient for consumers.

There are other ways to do things that would minimize such threats. For example, anyone using SSH is strongly encouraged to use public key encryption (public/private key pairs) instead of username/password for authentication. Or in the case of wireless APs, perhaps a Radius server. But these significantly complicate the authentication process for the average, everyday consumer. So they’re rarely employed except where the risk is much greater and such measures are to be expected.

Even for myself, while I use public key encryption for my SSH sessions, I don’t worry all that much about the wireless AP. For one thing, your wireless client is always going to see and connect to the wireless AP w/ the strongest signal. So the risk from a rogue wireless AP, while not zero, is certainly low (iow, proximity matters). But if you think the threat is real in your case, perhaps it’s time to consider something other than wireless (wired connections always have been and remain far more secure than wireless).

As I say from time to time in these forums, except for the convenience, in all other respects, wireless sucks. As soon as you adopt it, you open yourself to all kinds of issues; security, performance, cost, complexity, you name it. But we sure loooooooove the convenience, don’t we.