What is SSID? Revealing the secrets of identifying your Wi-Fi network

What is SSID? A simple introduction

SSID (Service Set Identifier) is a unique name that identifies a local wireless network (WLAN, Wireless LAN). In most cases, when you are looking for available Wi-Fi networks on your device, the list you see on your screen is the list of SSIDs for available networks.

The main purpose of SSID is to let users find wireless networks in their vicinity and connect to the one they need. It serves as the primary mechanism to divide traffic within a specific radio frequency range.

We'll start by making a history dive and will determine when and how this term appeared for the first time.

When and how the SSID term appeared among the wireless standards

SSID was introduced as part of the IEEE 802.11 standard, which lies at the foundation of modern wireless local area networks (WLANs). This standard was developed and adopted by IEEE (Institute of Electrical and Electronics Engineers) in 1997.

IEEE 802.11 standard was created to provide compatibility between different wireless devices and define their common operating principles. At the time, wireless technologies were just taking their first steps, and it was imperative to define the standards to guarantee the efficiency and reliability of wireless networks.

As time went by, IEEE 802.11 standard was expanded, but SSID remained the key element in identifying wireless networks.

Thus, the history of SSID has been intertwined with the development and standardization of wireless technologies since the late 90s.

Technical details: how SSID works

We answered the question "what is SSID," but how does it work? Here are some of the key notes about it.

Hidden and visible SSID

An SSID can be either visible or hidden. A visible SSID is transmitted by the access point and is displayed among the available networks on the devices that try to connect to the Wi-Fi, while a hidden SSID, as the name suggests, is not transmitted, and users must manually enter it to connect to such a network. However, it is worth mentioning that using a hidden SSID is not a surefire way to provide security, as there are tools to detect even hidden SSIDs.

The role of SSID in the authentication process

SSID plays the key role during the initial stage of connecting a device to the wireless network. When the device initiates the connection, it uses SSID to select the correct network. After that, the authentication process begins, and it can include entering a password or other security mechanisms, depending on the network settings.

Length and character limits for SSIDs

An SSID can contain from 0 to 32 symbols (bytes). It can consist of letters, numbers, and special characters. However, when choosing an SSID for your network, it's best to avoid using special characters that could be displayed incorrectly on some devices and therefore cause issues with connecting to the Wi-Fi.

Automatic connection to Wi-Fi networks

When you successfully connect to a Wi-Fi network for the first time, be it from a smartphone, a PC, or any other device that supports Wi-Fi, it usually remembers the details about that network, such as SSID and (in most cases) password. After that, the device will automatically try to connect to that network whenever it is in range and if the device is configured to automatically connect to known Wi-Fi networks.

Whenever the device sees multiple networks known to it, it will choose the one with the strongest signal.

You can prevent the automatic connection to a specific Wi-Fi network by disabling "Autoconnect" feature on your iOS or Android device.

What if several access points have identical SSIDs?

In the real world, sometimes a device sees two or more access points that have identical SSIDs. It could be two access points of the same large private network, two home routers of the same make and model, both with default settings, or even a deliberately created network that mimics the SSID of an already existing one.

Between the two access points with identical SSIDs the device will prefer the one with the better signal, and if the SSID is already known to the device, it may try to connect to it automatically.

This feature, on the one hand, allows building large Wi-Fi networks with seamless client roaming between different access points, but on the other hand it creates opportunities for malefactors to set up an "evil twin" for the existing network.

If two or more access points announce the same SSID, they can only be distinguished by MAC address.

How to determine the SSID of the network you are connected to

The required steps depend on the type of your device.

How to find SSID on a router

If the default SSID hasn't changed since the initial configuration, you can find it on a sticker on the bottom or on the side of the router's frame. If the network's name was changed at some point, you need to access the router's dashboard and check your Wi-Fi's current settings.

How to find SSID on iOS

Select Settings → Wi-Fi. The network that you are currently connected to will have a check mark next to it.

How to find SSID on Android

Select Settings → Wi-Fi. The SSID of the network you are connected to will have the word "Connected" above it.

How to find SSID on macOS

Open the list of all available Wi-Fi networks by clicking the Wi-Fi icon in the top-right corner. The network you're connected to will have a blue Wi-Fi icon next to it.

How to find SSID on Windows

Open the list of all networks available to your device by clicking the Wi-Fi icon in the bottom-right corner. The network you are connected to will be displayed at the top of the opened panel.

Who assigns my router an SSID?

Most home segment Wi-Fi routers are distributed with a preconfigured SSID. It is often printed on a sticker that's placed on the box or on the router itself. Usually, router manufacturers and distributors choose the router's model or brand as SSID, sometimes with added numbers and letters of its MAC address. Here are some real-life examples of preconfigured SSIDs: NETGEAR, NETGEAR_5G, ASUS, ASUS_5G, Movistar_A1B2, Movistar_3C4D, Movistar_5E6F. The 5G suffix here does not, of course, refer to the 5G technology but means that the network operates on the 5 GHz frequency.

We recommend changing the default SSID to a custom one, and here's why.

Enhancing the security and lowering the attack risk

Standard network names (such as NETGEAR, NETGEAR_5G, etc.) serve as a lure to malefactors. Such SSIDs are easily recognizable, and the attackers can use this information to attempt hacking the network, assuming that the user hasn't changed the other default settings as well (for example, the Wi-Fi password or the administrator password).

If the malefactor decides to attack your network by brute force, knowing the SSID may make their task easier. For instance, there are ready-made "vocabularies" for Wi-Fi attacks that contain most common password/SSID combinations. If your Wi-Fi has a typical SSID, the attacker may try to find the matching password from among the most common ones.

Easy identification for users

It's a common occurrence when a single ISP provides internet access to the entire apartment block. In this case, the ISP will often install its own hardware, and it's not rare when neighboring Wi-Fi networks have similar SSIDs. Changing the default SSID will help you more easily identify your home Wi-Fi and connect to it.

Hidden SSID: for and against

Hidden SSID is an SSID that won't appear in the lists of available networks and will not be visible to outside observers. Most Wi-Fi access points offer an opportunity to hide the network by simply checking a box in the settings. Let's dive a little deeper into technical details to better understand the intricacies of this feature.

All Wi-Fi routers and access points from time to time send Beacon Frames — special data packets that help nearby devices detect these networks and contain the necessary data to connect to them. Every such "beacon packet" contains the SSID field. "Hidden SSID" means that the access point omits its SSID, leaving the corresponding field in its beacon frames empty or filled with zeroes.

However, client devices can send a broadcast request marked as "Probe Request". This is their way of asking: "Are there any available Wi-Fi networks around?" In this case, the nearby access points will return "Probe Responses" stating their SSIDs, including hidden ones.

Thus, even if SSID isn't broadcasted in Beacon Frames, one can still find out about it by sending a Probe Request. This is one of the main reasons why hiding your SSID isn't considered an effective way to ensure security: there are special tools capable of scanning the surroundings for hidden SSIDs.

Advantages of hiding your SSID

The main advantage of hidden SSIDs is that such networks aren't listed among the available ones and therefore simply attract less attention, including from potential malefactors. However, it's important to remember that for an experienced professional, detecting hidden networks is not much of a challenge.

Drawbacks of hiding your SSID

While hiding the SSID may seem attractive from the security standpoint, this approach has several disadvantages.

False sense of protection: some users falsely assume that hiding their SSID makes their network completely invisible. This is incorrect and may lead to neglect.

Harder to connect: connecting to a hidden Wi-Fi requires you to manually enter the network's SSID, which is inconvenient and eats up time. This predicament can be somewhat alleviated on iOS and Android by scanning the Wi-Fi's QR code, but for Smart TV, Apple TV, and other smart home devices there's no way around manual input.

Potential compatibility problems: some devices and operating systems can be not fully compatible with hidden networks. For example, Windows XP and Windows 7 will prefer visible Wi-Fi networks even if their signal is weaker.

Ineffectiveness against experienced perpetrators: despite a hidden SSID may make it harder for a random user to connect to the Wi-Fi, experienced malefactors know how to detect and attack such networks.

In the end, there are some advantages to hiding your network's SSID, but it shouldn't be viewed as the only, or even the main way to protect your Wi-Fi network.

How to change your router's SSID?

To change the default SSID of your router you have to gain access to the router's admin panel. In order to do so, you need to find out your router's IP address first. Here's how you can do that on Windows and Mac.

Windows

• Open the Start menu and enter Command Prompt
• When the console window shows up, enter ipconfig and press Enter
• Find the Default Gateway string in the console's reply. You will see your router's IP address next to it
• Open your browser and enter this IP address into the address bar

macOS

• Open the Apple menu and select System Settings…
• Click on Network
• Select Wi-Fi, find your active network and click on Details… next to it
• Click on TCP/IP
• The IP address of your router will be displayed in the Router field
• Open your browser and enter this IP address into the address bar

Once you've entered your IP address into a browser, you'll see the login form for your router's admin panel. If you don't know login and password, you can try the default ones (such as admin/admin or admin/password) or look the default login/password pair for your router's model online.

Once you get access to the router's admin panel, find the Wi-Fi settings and change its SSID to the desired one.

Attacks on Wi-Fi networks

Wi-Fi networks are susceptible to different kinds of attacks that may compromise their security and confidentiality. Below are listed the most common types of attacks on Wi-Fi networks:

"Evil twin attack": in this scenario, understanding "what is SSID" becomes crucial. The perpetrator creates a fake access point using the same SSID as the real network to deceive devices into connecting to it, showcasing the importance of discerning genuine networks from malicious ones, especially in public spaces.

WEP attacks: WEP (Wired Equivalent Privacy) is a deprecated security protocol that can be hacked with ease with such tools as Aircrack-ng.

KRACK attack: KRACK (key reinstallation) attack is aimed at the vulnerability present in the WPA2 protocol. It allows the malefactor to intercept and decrypt the traffic between the client and the access point.

Handshake Attack: a malicious actor intercepts the handshake process between the client and the access point and uses the captured data to crack the network password.

Wi-Fi deauthentication attack: the malefactor sends deauthentication packets to disconnect the client from the network. This can serve as a part of a bigger attack or simply to create incovenience for the user.

Man-in-the-middle attack: after a successful connection to a public network, the perpetrator attempts to intercept and modify the traffic between the client and the access point (for example, with the help of a fake DHCP server).

Dictionary attack: the malicious actor uses the pre-prepared password dictionary to try to bruteforce the correct one.

DoS (denial of service) attack: the malefactor tries to overload the network by sending a very large number of packets in an attempt to induce a service denial.

Rogue access point attack: the perpetrator establishes an unsanctioned access point to intercept internet traffic and get access to network resources. The difference between this type of attack and the "evil twin attack" is that the rogue network does not necessarily attempt to imitate an existing Wi-Fi network.

Captive portal attack: a captive portal is a network service that requires a user who has connected to the network to perform certain actions to gain access to the Internet. You've probably encountered these portals multiple times when connecting to free Wi-Fi access points. In attack scenarios using captive portals, malicious actors set up a counterfeit network that mimics the existing one, known as an "evil twin," and present users with a captive portal. There are various attack variants:

• Malicious actors might imitate a public network and use the captive portal for phishing user data, such as logins, passwords, access to social networks, or financial information.

• Malicious actors might use the captive portal in an attempt to discover the password to the original network. In this case, the attack may be accompanied by a deauthentication attack on the original network.

Attacks in public and untrusted networks: once a user is in an untrusted network (for example, in a public network without strong encryption or one controlled by a malicious actor), their network traffic becomes accessible for analysis, and they can become a target for phishing attacks.

Security protocols in Wi-Fi networks

Many different security and encryption protocols find use in Wi-Fi networks to prevent unauthorized access. Here are the most notable ones:

WEP (Wired Equivalent Privacy)

This is the very first security standard for Wi-Fi introduced in 1997.

Encryption: uses RC4 algorithm.
Drawbacks: vulnerable to attacks and considered outdated. Can be easily hacked in a few minutes with the help of available instruments.

WPA (Wi-Fi Protected Access)

Introduced in 2003 as an intermediate solution to replace WEP.

Encryption: uses TKIP (Temporal Key Integrity Protocol) algorithm.
Drawbacks: while being more secure than WEP, TKIP has, over time, also become vulnerable.

WPA2 (Wi-Fi Protected Access II)

Introduced in 2004, this standard has become mandatory for all new devices manufactured after 2006.

Encryption: uses AES (Advanced Encryption Standard) algorithm instead of TKIP.
Drawbacks: it was vulnerable to KRACK attacks before it was patched.

WPA3 (Wi-Fi Protected Access III)

The most recent security standard introduced in 2018.

Encryption: uses an improved security protocol and offers additional security features, such as protection from dictionary attacks and enhanced protection in open networks.
Drawbacks: requires new equipment for full compatibility.

WPS (Wi-Fi Protected Setup)

A method that allows users to easily connect to the secure network, normally with a PIN code or with a button on the router.

Drawbacks: vulnerable to PIN attacks which may grant the perpetrators access to the network.

802.1X/EAP (Extensible Authentication Protocol)

Authentication standard that's usually used in corporate networks. Supports various authentication methods, such as tokens, smart cards, and certificates.

For maximum security it is recommended to use WPA3 (if your hardware allows it) or, at the very least, WPA2 with AES encryption algorithm.

Wi-Fi security measures

Summarizing what was said above, to protect your Wi-Fi network from potential threats we recommend to follow these rules:

Use modern security protocols: always go for WPA3 if your hardware is good enough for it. If not, opt for WPA2 with AES encryption. WEP and WPA protocols are vulnerable and unreliable.

Change your default SSID: access the router's admin panel and set a custom name for your network. We don't recommend choosing a Wi-Fi name that can be traced back to you, such as your apartment number or your name.

Change your default password and login credentials: many routers are distributed with default logins and passwords. Change them to unique ones.

Set your own network password: give preference to long and strong passwords made of letters, numbers, and special characters.

Regularly update your hardware: outdate hardware can be a threat to security. Update the firmware of your router to patch vulnerabilities and receive latest security features.

Disable WPS: while WPS can be convenient, it can also be a threat to digital security.

Hide your network's SSID (optional): while not mandatory, hiding your SSID will make it harder for random users to detect your access point.

Restrict access by MAC address: this can allow only select devices to connect to your network.

Create a guest network: if you have guests or devices that don't require connecting to the main network (such as smart home devices), use a separate guest Wi-Fi network (name it accordingly) for them.

Disable remote access: don't allow remote access to your router and Wi-Fi settings.

Network monitoring: regularly check the list of devices connected to your network to make sure that there are no "unwelcome" ones.

Regularly update router's software: make sure that the firmware of your router is up to date. It is vital for protecting your router from attacks.

Use VPN in public networks: use AdGuard VPN or any other VPN on devices which are connected to public or untrusted Wi-Fi networks to ensure the security and privacy for your traffic.

By following these recommendations you will be able to significantly improve your Wi-Fi network's security and protect your data from potential threats.

Additional resources and links

If you want to deepen your knowledge about SSID and Wi-Fi security aspects related to it, we recommend making yourself familiar with the following resources:

Wi-Fi Alliance: this website contains the official documentation for Wi-Fi Alliance. Here you can find technical specifications and manuals on security standards such as WPA2 and WPA3.

Aircrack-ng official website: this is an instrument to test Wi-Fi security. Can be useful both for learning and researching vulnerabilities.

Wireshark official website: a popular network protocol analyzer, used for studying Wi-Fi traffic and analyzing SSIDs.

Reddit's /r/wifi: a place where professionals and enthusiasts discuss topics related to Wi-Fi, including SSIDs, security, and optimization.