The battle to secure the thin air between the untethered computers and wireless access points (APs) has been over for a while now, and it saw WEP banished comprehensively in favour of WPA. It’s probably unnecessary to go into the detail of why WEP was hopeless – it was battered to death pretty publicly after all – but WPA’s ascendancy as the choice for encrypting Wi-Fi has turned out to be only half of the story – the new security frontier is authentication.
Authentication introduces an extra layer of security into Wi-Fi, because it forces anything connecting to an access point not only to have the right encryption key for the AP, but the correct details for a remote RADIUS server too. As importantly, it allows users to access the most secure versions of WPA, known as WPA-Enterprise and WPA2-Enterprise, whereby encryption keys are changed constantly by the system rather than when the access point owner can be bothered to get round to it.
The gist of Witopia's SecureMyWiFi service is to provide this level of security for ordinary mortals – small business users and home users for instance – who don't have such a thing as an authentication server. It is amazing nobody has thought of such a simple idea before. Even now, rivals are thin on the ground, perhaps because supporting the non-technical users the service is aimed at would add costs, and that kills profit.
The home/SoHo account supports 1-3 access points with 5 user accounts; the business edition supports up to 10 access points and 100 unique accounts. Any one of these access points can be moved anywhere in the world and plugged into any connection and the service will still work.
The only things you need to make Witopia work are an access point recent enough that it supports the correct WPA standards (802.11g or later), a connection to the Internet, and plenty of patience. Although aimed at the general student of Wi-Fi security, setting up the service takes at least 20-45 minutes of focused attention and isn't the kind of thing you'll be able to do while eating an ice cream or watching TV.
Access points can be checked out in advance for WPA compliance using the excellent product checker run by the Wi-Fi Alliance. Still, it's worth double-checking with Witopia even if the AP is on the Wi-Fi Alliance list, as we had problems setting up the service with one recent product, the Linksys WAG54GX2. A quick email to Witopia revealed that specific models can cause problems – manufacturer-related glitches – and this was one of them.
Setup starts with the creation of an account, after which an email is sent with configuration instructions. The Windows and access point setup instructions are very clear and really nothing more complex than setting both sides up for WPA-Enterprise and pointing the access point at Witopia’s RADIUS server. We managed it with some fiddling once we’d swapped out our original Linksys router.
One thing to bear in mind is that using authentication increases security, but also complexity. What happens if something goes wrong with the Witopia servers or, more likely, the AP's Internet connection? In that case, authentication will be impossible, and users will be blocked from accessing the network. The only answer to this would be to have admin access to the AP and manually default back to non-authenticated network access, not to mention adjusting each client individually. If nothing else, thinking about such an eventuality brings home the need to properly secure the weak point in any Wi-Fi setup, the access point itself.
In the end, Witopia passes the “why would I need it?” test quite comprehensively. It offers an important layer of security missing from the vast majority of non-enterprise access points, and does so at an attractive price. If you can be bothered to get your hands dirty at setup time, or perhaps just enjoy doing this sort of thing anyway, it will be for you. It's not necessarily as quick and easy to set up as its marketing claims, but this is still time well spent for a long security pay-back.