Branch-office Wi-Fi networks could be at risk if they use small-business and consumer products thanks to poor security.

Certification for WPA, the interim security spec created by the Wi-Fi Alliance, is now mandatory to get a Wi-Fi brand. However, vendors are not rushing to certify their SOHO products, saying that WPA is overkill.

"Our decisions are customer-driven and our customers are very pleased with the levels of security we offer now," says Lianne Caetano, a Netgear product-line manager, who adds that changing the Service Set Identifier number, or turning off the SSID broadcast, is often enough for them. "The expectation is that most hackers aren't sitting outside residential areas trying to hack into someone's network."

Netgear has promised to certify its business products but is noncommittal over consumer devices. Linksys has certified 11 products to WPA Enterprise and plans to certify consumer products over the coming months.

Meanwhile, Belkin and SMC both say their products support WPA, but have not certified them yet. Belkin blames bad timing, saying it had just certified all its products when the Alliance made WPA certification mandatory.

But the Wi-Fi Alliance does not think this is good enough. "SMC can't support WPA unless (products have) been certified," says Brian Grimm, a spokesman for the group.

The Alliance offers a consumer-level test, WPA Personal (formerly called PSK), which leaves out the requirement for an authentication server, which most SOHO users will not have. It has also combined tests to reduce the cost and time for certification. For more detail, see our feature on the lack of WPA certification in SOHO equipment.

Worried about low security on SOHO Wi-Fi kit? Or think that it's easy to add security to commodity products? Tell us in our Forum.