5 Million Unsecured Wi-Fi Networks: Why We’re Still Failing at Basic Network Security
As of 2025, more than 5 million unsecured Wi-Fi networks are active worldwide. Schools, hotels, small businesses, and even enterprise guest networks continue to rely on open or shared-password Wi-Fi....
What is Opportunistic Wireless Encryption (OWE) in WPA3?
Public Wi-Fi is available everywhere. However, behind the convenience lies a long-standing issue: unsecured Wi-Fi networks lack encryption, exposing user data to eavesdropping and attacks. Opportunistic Wireless Encryption (OWE), a...
How Safe Is The EMF Exposure From Wi-Fi?
Most people use Wi-Fi, which emits electronic and magnetic fields (EMF). But are the EMFs from Wi-Fi dangerous? The short answer is no, but we'll dig into the question further.
An Overview Of Passpoint In Network Infrastructure
Wi-Fi access has evolved from the manual selection of Service Set Identifiers (SSIDs) to the automated, secure connectivity of Passpoint. Initially, users had to browse a list of available SSIDs,...
A Deep Dive into the Security of WPA2-PSK
In Wi-Fi security, one protocol stands out for its widespread adoption and significant role in protecting data: WPA2-PSK. This protocol, short for Wi-Fi Protected Access 2 – Pre-Shared Key, has...
How Does WPA-Enterprise Secure Your Network
Securely authenticating network users is a fundamental aspect of network security and is the source of significant challenges for many network administrators. Authentication security has never been more important; in...
How To Test MITM Attacks And Protect Networks
A man-in-the-middle (MITM) attack is a highly effective type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials....
Windows Defender Credential Guard and PEAP MS-CHAPv2
In today’s evolving world of cybersecurity, protecting data and user credentials is of utmost importance as it is the biggest threat to an organization’s security. Microsoft has implemented two security...
2024 Guide to Android Network Settings
Android network settings are critical for ensuring seamless connectivity and security for users. These settings cover a variety of parameters controlling VPN connections, mobile data, and Wi-Fi, among other...
EAP-TLS Explained: How It Works and Why It’s Secure
Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) is an IETF open standard defined in RFC 5216. More colloquially, EAP-TLS is the authentication protocol most commonly deployed on WPA2-Enterprise networks to enable...
What is Port-Based Network Access Control (PNAC)?
Network security is one of the important factors for organizations of different sizes. As cyber threats evolve, authorized access to network devices and critical resources becomes very important. Port-Based Network...
How is a Smart CAC Card Used in A PKI?
Public Key Infrastructure (PKI) is one of the most robust methods for safeguarding sensitive information, particularly within the Department of Defense (DoD) ecosystem, where it secures sensitive data and communications...
What Are Wildcard Certificates?
SSL certificates (Secure Sockets Layer) and their successor TLS certificates (Transport Layer Security) are critical for establishing secure communications over the Internet. They authenticate the identity of a website and...
What is a Hardware Security Module (HSM)?
Data security has never been more critical. Hardware Security Modules (HSMs) are pivotal in safeguarding the cryptographic infrastructure of numerous global enterprises. HSMs have come a long way, from niche,...
Mitigate the Risks of a Pre-Shared Keys-Based Network
Wi-Fi security is designed to safeguard data as it traverses the airwaves in wireless networks. Wi-Fi Protected Access (WPA) emerged as a response to the glaring deficiencies of its predecessor,...
What is WPA Authentication?
The ubiquity of Wi-Fi networks in today’s world has made them popular targets for cyberattacks, especially if they rely on vulnerable mechanisms like passwords. In a 2021 study, security researchers...
2024 Security Analysis of PEAP-MSCHAPv2
These days, wired and wireless (Wi-Fi) networks are ubiquitous. Organizations need these connections to perform critical business functions, but these connections are susceptible to various ever-evolving cyber threats. As a...
How to Authenticate to VPN with EAP-TLS
In today’s world, VPNs (Virtual Private Networks) are very important for individuals and small and large-scale business owners. However, utilizing a VPN can be tricky due to some common difficulties...
WPA3 vs WPA2: What’s the Difference?
The standards used to protect wireless/Wi-Fi networks have evolved over the years to keep up with emerging threats and protect sensitive data. WPA2 and WPA3 are some of the more...
Kandji Enterprise Wi-Fi Profile Settings Guide
With a focus on centralized control of Apple devices, Kandji stands out as an innovative leader in modern enterprise management. IT managers can easily automate device deployment, enforce security policies,...
Best Wi-Fi Security Settings MacOS
In a world driven by digital connection, safeguarding the security of our Wi-Fi networks is critical, especially for Mac users. Despite its strong standing, the macOS environment is not immune...
Configure Google SCEP Certificate Automatic Enrollment Profiles
Certificates are far superior to credentials and mitigate many vulnerabilities associated with pre-shared keys. They enhance the user experience by facilitating network access and removing password-related friction induced by password...
What is Secure Sockets Layer (SSL)?
Security over the internet has drastically improved in the few decades that the internet has been widely available. The average user doesn’t realize how much goes on behind the scenes...
How to Connect to Passpoint Wi-Fi on iOS
In a nutshell, Passpoint is a protocol developed by the Wi-Fi Alliance that allows users to connect securely to a Wi-Fi hotspot. Designed to operate like roaming works for cellular...
Layer 2 Attacks that Defeat PSK Networks
Move away from traditional PSKs to digital certificates and protect your network from Layer 2 attacks. Know more here!
Cloud RADIUS for Wi-Fi Authentication
A survey found that 74% of IT decision-makers whose organizations have been breached in the past say it involved privileged access credential abuse. While Wi-Fi revolutionized networking during the transition from...
What the Windows 11 TPM Requirement Means for Microsoft
Cyberspace is a rapidly evolving world, and in order to keep up with the pace, tech organizations must evolve at a similar speed. The cyber performance enterprise Riverbed recently analyzed...
Can I Use Google Secure LDAP for Wi-Fi?
LDAP’s importance cannot be denied. As a protocol, it has greatly simplified the directory search process. Unfortunately, as time goes on, LDAP has begun to grow outdated, especially given its...
How to Issue a Certificate from a Microsoft CA Server
Now that we’ve learned passwords are not a secure form of authentication, organizations are implementing digital certificates, which provide stronger security and can be leveraged for more efficient network authentication....
How to Configure Azure AD Attributes on Certificates
Attribute mapping in Azure AD (Microsoft Entra ID) is easier than you might think. With a simple SAML application, you can use customizable Azure attributes to enforce dynamic policy options...
How To Use Active Directory in the Cloud
Organizations are making the much-needed transition to cloud-based network solutions. To ease the transition, Microsoft created Azure Active Directory to aid clients in moving their directories from the on-premise Active...
TLS/SSL Encryption with Azure
Improving cyber security is crucial for organizations as one cyber attack could trigger the downfall and bankruptcy of an entire business. That’s why end-to-end encryption has become a network security...
A Passpoint Solution for MAC Randomization
Although MAC Randomization has been around for a few years, it has really grown in popularity with the beta version of Apple iOS 14 update because it’s a default enabled...
Enhanced Azure Authentication with Yubikey
The cross section of organizations that use Azure AD (Microsoft Entra ID) for identity management and Yubikeys for MFA is already sizable and growing by the day. Recent advancements in...
Use Azure AD B2C for 802.1x Authentication
Microsoft employs a myriad of acronyms for their product names, so it’s often difficult to tell them apart or to guess their function. “Azure AD (Microsoft Entra ID) B2C” is...
What Is RADIUS Redundancy?
In all manner of security, redundancy is strength. It’s a way to ensure that no matter what goes wrong, there is a backup plan in action that can certify safety....
How to Use VPN With Azure AD
As cloud-based solutions are gaining popularity, many organizations are having trouble transitioning to their on-prem servers. To help alleviate some stress, Microsoft created Azure AD (Microsoft Entra ID) to aid...
Okta Vs. LDAP
For many years, LDAP has been the dominant protocol for secure user authentication for on-premise directories. Organizations have used LDAP to store and retrieve data from directory services and it...
User Lookup With Certificate-Based Authentication
Traditionally, the process of authenticating certificates for network access is independent of the user directory. And in a normally-functioning network environment, this is perfectly acceptable. Certificate-based authentication is ironclad and...
Dynamic RADIUS Policy Enforcement with Static Certificates
Certificate-based WPA2-Enterprise networks are extremely secure, but x.509 digital certificates can be a hassle to manage. Although SecureW2 has one of the best certificate management platforms in the industry, we’re...
Active Directory Vs. LDAP
Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are two terms frequently used regarding directory services. These solutions are essential frameworks for managing user identities, resources, and network configurations...
How to Use Google for 802.1x Wi-Fi
Organizations are making the much-needed transition to cloud-based network solutions and Google is a forerunner in getting people’s devices and networks in the cloud. However, for some, getting your devices...
What is Dynamic RADIUS?
SecureW2 is pleased to announce the invention of a whole new kind of AAA server – Dynamic (Cloud) RADIUS. It will revolutionize the way you authenticate users and enforce policies...
Generate x.509 Certificates with Okta
A major challenge that organizations face in regards to certificates is enrolling users without Active Directory. In response, SecureW2 has developed a solution that can provide a certificate-based network regardless...
Are Passwords Secure?
Credential-based authentication is the method nearly all network users are used to and has been a common tool for decades. But unlike other decades-old technology, passwords have not been phased...
The Importance of Authentication Security
Authentication acts as the first line of defense to allow access to valuable data only to those who are approved by the organization. Many organizations recognize this and utilize Multi-Factor...
Mobile Authentication with 802.11u
As mobile device users continue to expect stronger roaming connections and faster data speeds, Wi-Fi Alliance developed PassPoint to meet these high standards. It allows users to easily transfer from...
Enabling Windows Machine Certificate Authentication
Looking to use certificate-based authentication on your managed Windows devices? Machine authentication with x.509 certificates permits managed Windows machines that don’t belong to any users to authenticate onto an 802.1X...
YubiKey PIV Certificate Management
Many organizations purchase security keys like the YubiKey to streamline and secure access to various applications, but they can be used for much more. The YubiKey in particular has the...
How to Set Up RADIUS Authentication with Okta
As the internet continues its trend toward ubiquity, the dangers of lackluster network security have become increasingly apparent. With 10 million attacks targeting usernames and passwords occurring every day, it’s...
802.1x Without Active Directory
802.1X is the de facto gold standard that organizations should strive for when it comes to authentication; it’s safe, secure, and efficient, especially when combined with certificates. However, setting up...
Enable Secure Wi-Fi with AD CS
In an age where people have migrated to conducting business online, organizations must ensure their Wi-Fi networks are protected from outside threats. Cyber attacks, including the infamous man-in-the-middle attack, prey...
The Risk of Expiring Web Certificates
Certificate use in a variety of mediums continues to grow, but your certificate provider cannot protect against a common certificate mistake: missing expiration dates. This isn’t a major issue if...
How to Issue Sectigo Certificates
Sectigo, formerly known as Comodo, is a leading provider of digital identity solutions. One of their main products are SSL/TLS certificates and Public Key Infrastructures (PKI), which allows the client...
How to Issue Digicert Certificates to Devices
Digicert offers a variety of SSL certificates to accommodate any organizational structure and fulfill their specific needs. They supply you with the tools to configure any Platform/OS combination, giving the...
How to Prevent VPN Phishing Attacks
What is a Phishing Attack? A phishing attack is a type of social engineering attack that is used to steal an unsuspecting user’s data by masquerading as a trusted platform....
Man-in-the-Middle (MITM) Attacks: Explained
If you’ve ever watched this scene from Spongebob Squarepants, then you have a basic understanding of a man-in-the-middle (MITM) attack. According to UPS Capital, cyber attacks cost small businesses an...
PKI-Supported CMS for Yubikey
A CMS (Credential Management System) or SCMS (Smart Card Management System) is an invaluable tool for organizations using smart cards and security keys. They have many functions to control credentials...
Configuring a PKI for Wi-Fi
Wi-Fi security and availability is imperative for businesses now that online communication is the standard. Many organizations use passwords to authenticate user devices, but that is no longer a viable...
How to Automate Certificate Management and Provisioning
One of the biggest hurdles in certificate management is the lack of experience in finding the proper certificate management solutions. Often, administrators are of the notion that their only option...
Can I Use Passpoint with Microsoft Azure?
The best way to ensure roaming internet access for employees is by deploying Passpoint. Whether you just need to be covered across campus or want to extend your network to...
The Best Way to Manage Microsoft Certificates
A primary weakness of password-based authentication is the human element. Passwords can be forgotten, shared, or stolen, making them a nightmare for IT admins. Forgotten passwords can lead to service...
Can I Use Passpoint with Google Workspace
Passpoint is the premier tool for ensuring your users have network access while roaming, but it can be a little difficult to deploy. Fortunately, SecureW2 has a solution that integrates...
Can I Use The Okta RADIUS Agent For My Wi-Fi?
An Okta RADIUS server agent is a lightweight program that runs as a service outside of Okta. It is usually installed outside of a firewall which gives Okta a route...
Top 3 Mistakes Setting Up AD CS Certificate Templates
In order to use certificates for authentication, a security trend caused by the inadequacies of password-based authentication, a public key infrastructure (PKI) must be in place. Active Directory Certificates Services...
Creating Private Certificates Authorities for Internal Use
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. These certificates cryptographically tie an identity to a public key, ensuring that...
List of Passpoint-Supported Operating Systems
Passpoint is a great tool to enable your network users to have continued access to the internet – whether they’re roaming around the city or moving from building to building...
Passpoint r1 & r2 Compared
Enabling an online connection while users are away from their home networks has been a challenge for those that want a complete and efficient system. The use of mobile data...
Yubikey Certificate Attestation Improved
Cyber security is ever-evolving to counter the attacks that are getting more aggressive by the day. One-step authentication is no longer enough to establish identity with absolute certainty. 2FA (two-factor...
Enterprise PKI Management in the Cloud
As the importance of secure authentication continues to rise, many organizations are looking for lightweight, cost-efficient solutions to their cybersecurity concerns. This has caused many to question the efficacy of...
Why ECC is the Solution for IoT Security
ECC, or Elliptic Curve Cryptography, isn’t a new technology – it’s relatively old, actually. Despite being around since 1985, it has just recently begun to gain popularity as an alternative,...
Using VPN for Remote Work? Don’t Make this VPN Security Mistake
We have never been more connected with others than we are today. The workforce is quickly moving to mobile devices. Remote work has picked up dramatically due to the COVID-19...
Why Most Are Leaving LDAP With WPA2-Enterprise Behind
For years, the credential-based network authentication standard was the Lightweight Directory Access Protocol (LDAP). The security and efficiency offered by LDAP provided the necessary protection levels for everyday WPA2-Enterprise operations....
Managed PKI VS Private PKI
Deciding between a managed PKI and a private PKI is a difficult decision. Each method of PKI management has advantages and disadvantages, and if you’re coming from a place of...
Phishing Scams Are Now Capitalizing on Coronavirus
COVID-19, better known as the Coronavirus, is spreading throughout the world right now and has a lot of people concerned. This has led to scammers incorporating the virus into their...
PPSK Is Not an Alternative to 802.1x
Believe it or not, the aging WPA-Personal protocol has seen some innovation in the past few years. Several companies have developed unique PSK authentication protocols with varying names, though “Private...
Top 3 PEAP-MSCHAPv2 Mistakes Made by Universities
Credential-based authentication with PEAP-MSCHAPv2 is still commonly used, and for some network types it is appropriate. A home network or a small coffee shop offering free wireless can benefit from...
Best Practices For IoT Security
The explosion of Internet of Things devices (IoT) onto the technology market has revolutionized how businesses operate. The endless possible applications of these incredibly diverse devices have led to a...
3 Mistakes Universities Make Deploying 802.1x and WPA2-Enterprise
Over the past decade, we’ve helped hundreds of organizations around the world secure and set up WPA2-Enterprise networks. While WPA2-Enterprise remains the golden standard for 802.1x authentication, there are many...
Certificate Security for IoT Devices
Internet of Things (IoT) devices have been a rapidly growing industry trend that can provide invaluable and unique data to many organizations. While most devices are designed to maximize the...
Cloud vs. On-Prem RADIUS: Which is Better?
A requirement for all WPA2-Enterprise networks is the use of a RADIUS server. A vital part of the network, the function of a RADIUS is to authenticate the user and...
Update Your Browser to TLS 1.2 to Support 802.1x WPA2-Enterprise
Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on top of TLS 1.0 and TLS 1.1 to increase network...
Best Practices for AD CS Configuration
Many companies use Windows servers as the main component of their IT infrastructures. If those companies want to use digital certificates for their network, they set up a public key...
Stronger Multi-Factor Authentication With Certificates
It’s widely held knowledge that using a single factor for authentication to wireless networks is less than secure and easily exploited by hackers. According to IBM’s X-Force Threat Intelligence Index,...
Certificate-Based Authentication for Okta PIV Cards
Efficiency is the name of the game when operating a wireless network. Designing every facet of the network with the user experience in mind will result in a streamlined system...
What is Public Key Cryptography?
Public key cryptography, a synonym for asymmetric cryptography, is a clever cryptographic system that allows two parties to exchange encrypted information publicly without worry of interception. Many cryptographic systems are...
Configuring Yubikey Desktop Login on Jamf-Managed Devices
Yubikeys represent an exciting opportunity to merge two features that are often at odds: security and convenience. Many organizations have purchased Yubikeys and distributed them to their employees for that...
Unlock the Potential of Security Keys
Security keys, also called hardware security keys, are a method of authentication that offers an additional layer of hardened security. They can be used to login to desktops, Wi-Fi, and...
How To Avoid BYOD Onboarding Issues
In today’s mobile era, consumers are no longer chained to a bulky desktop in a cubicle or classroom. They are doing business, taking classes, and accessing resources on the go...
Use WPA-2 Enterprise To Efficiently Onboard Thousands of Devices
Each year, college campuses must navigate the trials associated with successfully onboarding thousands of new students to the wireless network. This may have been moderately challenging 10 years ago, but...
iOS 9.x Wi-Fi Connectivity Issue with EAP-TTLS and EAP-PEAP: Explained
The iOS 9+ bug: Why do PEAP or TTLS users get locked out of Wi-Fi when their password is updated? Why and how does TLS authentication still work? Should you...
Top 3 Mistakes When Setting Up a WPA2-Enterprise Network
The importance of wireless security cannot be understated as the threat of data theft continues to rise. WPA2-Enterprise networks are the first line of defense – they’ve been proven time...
Streamline Your Network with a Single Sign-On Policy
Organizations that seek out opportunities to improve the efficiency of their network should consider using SAML authentication to implement a Single Sign-On (SSO) policy. First and foremost, SAML is an...
How Vulnerabilities Put Sensitive Data at Risk
Cybersecurity is one of the most dynamic and complex industries in the world today. A business that provides cybersecurity software or products is not just competing against other companies; they’re...
Efficient Device Onboarding for Higher Education
An important first task for incoming students is to connect to the secure network they will use for all their on-campus studies. If the process is less than smooth, the...
Equifax’s Story: The Risks of Lax Security
On July 29th, 2017, Equifax discovered that data was leaking out of the credit bureau’s databases and had been since approximately mid-May of that year. They publicly reported the incident...
Implementing SSL Inspection
The proliferation of HTTPS websites has been a benefit and a challenge for network administrators. Overall, HTTPS enhances the security of websites because it encrypts the communications between the...
Simplifying the Onboarding Process
The most common questions we get in reference to onboarding new users aren’t related to using the software, but rather how to direct users to the software. SecureW2 has developed...