# changing WPA-PK password?



## lkadlec (Apr 23, 2010)

Sorry to have so many questions, but I finally broke down and got a wireless router recently, and I want to make sure I'm doing the right things.

So...my security mode is WPA-PK and when I set the thing up and it asked me for a security key Windows was offering all of these really long complicated strings. Thinking that this was something I was going to have to physically type in to, say, connect my laptop later, I changed it to something shorter (still a mixture of numbers and letters, upper and lower case, no "words," but also no symbols). I want to change it to something better, but I have a couple of questions:

1) Can you give me the basics of what my password/key *should* look like?

2) Where should I go to change the password? I know where to do it on my router's page (if I put my router's set up URL in my browser). I also know that if I go to "Manage Wireless Networks" on my computer I can get to the "Security" tab for my network there. Do I need to change it first on my router and then on my computer or what?

3) My desktop computer is set to automatically connect, and has the password saved on it. My laptop, while set to manually connect, also has the password saved. Related to #2 above, if I change the password at the level of the router, do I need to then change it manually under "Manage Wireless Networks," or will my computers essentially fail to connect and then ask me for a new password?


----------



## johnwill (Sep 26, 2002)

You can use this WPA Key Generator to create a secure key. Also, you can save your key in a TXT file and simply copy/paste it whenever you need to add it whenever required.

Yes, if you change the key on the router, you MUST remove the old stored wireless network profile and search for and connect to the network again and enter the key.


----------



## lkadlec (Apr 23, 2010)

Thanks for your help. 

Just to make sure I'm clear, since I didn't actually include "remove the old stored wireless network profile and search for and connect to the network again" in my list of possible options in my question, is what I need to do if I want to change my key the following?

1. Open a browser and put in my router manufacturer's set up URL address (e.g. that number string that starts with 192.).
2. Change my key via the router set up pages.
3. Go to "manage wireless networks" in Windows and remove my network from my computer's list.
4. Go to "connect to a network," choose my network again, and tell my computer to connect to it, and enter the new key when prompted.

And just for my information - given that one can change network settings (key, security protocol, etc.) on both the router's page (by typing the URL for the given router manufacturer into a web browser) and in Windows (by going through "Manage Wireless Networks," selecting "Properties" and so on), why can you not change the settings on the router and then change the settings in Windows to match (as opposed to having to remove the network from the computer's list and then have the computer search for it again)?

Finally, apologies for posting my question about changing my encryption twice - I only posted it over here because I thought I had maybe put it in the wrong part of the forum the first time. Sorry. However, that thread appears to now a) no longer be in the general networking forum, and b) closed over here in security, but I never got an answer.


----------



## johnwill (Sep 26, 2002)

The drummer that calls the tune for encryption is the router, that's the access point. The client computers have to match the router. Think about your scenario, if the Windows client were able to connect using the wrong key, then you'd have no security, right? :smile:

The answer is yes, you MUST remove the existing profile and search for and connect to the network if you change the router's wireless encryption key.


----------



## lkadlec (Apr 23, 2010)

Thanks again; I appreciate you taking time to reply. I understand what you are saying, that the router is the access point and that the client computers have to match it.

However, I was NOT actually suggesting that the Windows client should be able to connect with the wrong key (which is the scenario you reference in your last reply to me, but is not the scenario I was trying to ask about). I was suggesting that the user could manually change the key on the client machine so that it matches the new key on the router. In that scenario, the client wouldn't be connecting with the wrong key. I can certainly accept the answer, "No, you can't do it that way." However, that begs my question, which is, "Why not?" If you disconnect the client computer from the network, then change the router's wireless encryption key, *why* is it that you can't then go into the client machine(s), and change the key in the "Properties" of the stored network profile and then reconnect (and instead need to delete the profile and have the computer connect again from scratch)? What is the point of having that properties window for the wireless connection, with a security tab that lets you make changes, if making changes there does not actually "work"?


----------



## johnwill (Sep 26, 2002)

Well, I've truthfully never tried that, I guess it should work.

I just tried that on this Windows 7 machine and it does indeed work. Not sure why that's any easier, but it will do the job. :smile:


----------



## lkadlec (Apr 23, 2010)

Thanks for the update! To me opening up properties and changing that one entry seemed easier than deleting my network and searching for and adding it again, but I imagine it's a matter of opinion. :smile:

So to follow up on my original question about changing my encryption from TKIP to AES, does that work the same way? That is, would you normally go into the router set up and change it, and delete the network profile on the client computer(s) and then search for and connect to the network again? And if so should the disconnect from network, go into network properties and change it, and reconnect method work for this as well?


----------



## johnwill (Sep 26, 2002)

I can only suggest you try it. I'm not willing to do that much work to test the idea. :smile: Changing the encryption type might not be as simple as changing the key in the client, but I really don't know.


----------



## lkadlec (Apr 23, 2010)

Fair enough. :smile: 

For the record, I wasn't asking you to test the "change it in the client" idea, just whether you could tell me how one (or you :smile would normally do it (change encryption) and whether you thought doing it in the client would work. That is, if one wants to change encryption, would the "standard" way to do so be to change it on the router and then remove, search, and "re-find" the network on the client? And if not, how *would* you go about it? Reset the router completely and start from scratch? Something else?

I understand what you're saying, that changing the encryption might not be as simple as changing the key in the client via Windows, but if you could tell me how you *would* do it (normally), that would be great!


----------



## johnwill (Sep 26, 2002)

When I changed my encryption from WPA-PSK to WPA2-AES, I went around and reconnected each workstation as I previously described. It's actually very fast, so it seemed somewhat pointless to try to do something else that I have never done. :smile:


----------



## lkadlec (Apr 23, 2010)

Just let you (and anyone else following this thread) know, I tried the "change settings in router and then in network properties on Windows" approach for both password and security encryption and found the following:

For the password, as John found in his test, it seems to work fine. I disconnected my desktop wireless connection, plugged in the Ethernet cable from my router, then went to my router's set-up page and changed the password. I then unplugged the Ethernet and opened up the properties window for my wireless network on both my desktop (Vista SP2) and laptop (Windows 7), and changed the passwords there, and both connected to the network with no problems.

I tried the same process to change my (WPA-PSK) encryption from TKIP to AES. 

For the desktop it worked fine. So far there don't appear to be any issues, and both the router and Windows now report that the encryption is AES.

For the laptop, it seemed to work fine, the computer "connected" and I had an internet connection, but when I went to the network map there was a big blue question mark between my router and that computer, and when I went back and re-checked the map on my desktop, it wasn't able to "place" the laptop on the map (so it showed it down on the bottom of the map page, not connected to anything).

At that point I decided to just disconnect, remove the network, and let the laptop reconnect to it. That seems to have worked.

So...the short answer is that password changes don't seem to require a removal of, and reconnection to, the network, but security protocols, well, I'm not sure.

Thanks again, John, for all of your help. I now seem to be up and running with WPA2 & AES and a 20-character security key. Hopefully my two computers continue to be able to talk to each other and I'm good to go.


----------



## johnwill (Sep 26, 2002)

Thanks for the additional tests, that was kinda' what I expected. Odd that it worked for one and not the other, but the safe method seems to be simply rebuild the profile from scratch. :smile:


----------

