Sharing Passwords: Our First Idea
We looked into password managers like Lastpass or Onepassword, which we use for sharing access to a variety of tools. The problem is: They don’t work because it’s not a browser window. For all not super technical folks: those password managers allow via browser extensions for Chrome, Safari or Firefox to automatically pre-fill passwords. A manager could then change those from the backend without the user having to think about it. But as said, it works for every browser based cloud software – not to share wifi password – especially wireless passwords since it’s not a browser window but a system window.
The Hacker Method
One smart coworker came up with this idea: If there is not much security you could go ahead and steal wireless passwords from your neighbour. That’s how you don’t have to go with your company’s changes. But I don’t think that will make the IT and security managers in your company too happy (there might be strict regulations which wireless you can and must use).Some people claim Google might even know every wi-fi / wireless password in the world and there are public WiFi sharing Apps like WiFi maps.
In the end what we found is that there are two different types of problems.
The guest WiFi
The main WiFi
Advanced version: here it highly depends on your endpoint security program. If you e.g. have 802.1x authentication in place the IT staff can simply change the user’s individual password. Or if Pre-shared Key (PSK) is used, IT staff can change the global Wi-Fi password (check this post).
Regular solution: if you have an MDM solution like Casper Suite you can remotely provision those credentials onto people’s devices.
Starting out possibility: if you choose to manually distribute those configuration policies you need to use the OS X’s Server’s Profile Manager to create them. Here’s the link to the profile manager: https://www.apple.com/macos/server/features/. They have some pretty good resources around managing MAC’s online but it comes with the downside of having to manually install those on each Mac. You can use the Apple Configurator 2 which might help you out.
People might also look for how to onboard a BYOD device. Here’s a bit of an older white paper from Cisco, but modern vendors like Google allow to manage WiFi, Ethernet and even VPN directly from a console to enforce changes.
Sharing WiFi From Phone to Phone
Since 2017 iPhones running iOS11 or later can share WiFi accesses with their contacts with a single tap. This may not be a solution applicable to your office environment, but it is something to keep in mind whenever you are in a different environment and want to share access quickly (and without communicating any password).
Some General Wireless or WiFi Security Advice
We found it a pretty smart (and environmentally friendly) idea to turn off the WiFi at night using a timer like this digital 7 day appliance timer, which retails on Amazon for as little as $10.