Any security concerns with having a very short SSID name?

Hello all,

This is really unimportant, but I’m just curious really. I have renamed my shed access point from the default SSID (for fun, yes, that’s my life) with a single letter and I just wondered if this could risk security some how? I know that it should be a random name to avoid trying to connect to the wrong network, but no one locally to me has done the same thing.

Look forward to any comments!

The SSID is just a human readable string for us to identify and connect to it, of course you could make the argument that keeping the default name is bad because people could exploit known vulnerabilities or having an out their name could be offensive and make it a target but all in all its usually not worth worrying about. its like those who say you should completely hide the SSID so it isn’t broadcast and can’t be found but anyone targeting your wifi network can scan and find those access points and have all the information they’ll ever need from it such as its mac address, manufacture, what channel it is using, type of authentication/encryption and everything. So in all no it shouldn’t really matter what name it is using or whether its short.

1 Like

Short name is fine. And yes, hiding your SSID doesn’t make any sense.

Edit: This wasn’t good advice, thanks to other posters who corrected it.


Length is not as important as being unique. Without getting too technical, your SSID name along with your password are hashed into your routers cryptographic key. So a unique SSID will help guard against preformed rainbow tables if someone tries brute-forcing your network.

1 Like

Rainbow tables can’t be built for WPA2, but there are tables for common passwords and SSIDs. The security of your Wifi is based on both the password and the SSID, so having a very short or common SSID does decrease security a little.

Go here and pick an SSID that isn’t on any of the lists on that page. Then generate a decent password, at least 10 characters and a random mix of letters and numbers.

1 Like

Rainbow Tables can be created for WPA2 networks… Provided they choose the SSID as part of the known variable of the hash. We’re kind of saying the same thing. WPA2 tables can be created but the SSID has to be known or assumed when making them. thus, making a table based off of a common SSID is more probable then one that’s based off a unique SSID.

1 Like

This is important. Rainbow tables would be too big to be practical, however, but common belief is that 8 character passwords take a day to bruteforce on a 1080 (or was it 1080ti), basically.

I wonder if all those Chinese Bitcoin miners will now be switching to offering cloud services / password recovery services maybe.

1 Like

Thank you Michael, for responding so quickly, very much appreciated and full of useful information :+1:

That’s exactly what I was thinking could happen - thank you very much letting me know, I’ll change it to something a little more randomly generated. Really isn’t the end of the world and I prefer to be safe than sorry.


1 Like

This is why all my passwords are over 21 characters. Been hacked once, and it will never happen again. Lost so much money.

1 Like

And when you need to hide, look for Wifi enabled printers and name it like on of them.

1 Like

8 characters from a set of 84 takes about 1 second to break (bruteforce, no dictionary or rainbow table).
20 chars take millions of years if using pure brute force.

Data from 2010:

1 Like

Good call, think I’ll do this soon as well.