Helping people with computers... one answer at a time.

Preventing neighbors from accessing a WiFi hotspot with a posted password will be a little tricky. There is one solution that many motels use.

I have a Laundromat and provide free Wi-Fi for my active customers. I also have a neighboring apartment and houses that may be using it also. All they would have to do is visit the laundry and get the password off the wall. How can I block, let's say, the neighbors behind the Laundromat? How about a lead shield?

In this excerpt from Answercast #97 I look at ways a Laundromat could protect the free WiFi access point it is providing for it's customers.

Neighbors access WiFi hotspot

The short answer is no, certainly not a lead shield.

I mean you'd be throwing a lead shield up against one wall, or something like that, and even then I'm not sure that it would actually block things sufficiently. Wireless connections go out in several different directions.

Constantly change password

Unfortunately, I really don't have a good answer for you. What I would do personally in your situation is change the password daily; potentially even multiple times a day if things are really bad. Changing the password daily is probably the simplest way to keep people from connecting. They couldn't come down, see the password once and then connect forever after.

It makes it inconvenient to reconnect to your hotspot. It doesn't make it impossible; I get that - all somebody has to do is walk down read the password and then go back to their home and connect.

That's why I say maybe you want to do it a couple times a day.

Make the password inaccessible

The thing to do of course is to make sure that the password is visible to your patrons but not visible, for example, from the street. Then people who are just walking by can't see the password and therefore can't connect. People actually have to come in.

The other approach is to not post it. Actually change it on a regular basis but only tell it to people who come up to the counter and ask. This is actually what a lot of hotels will do. They will change the password on a regular basis and they will only give the password when someone checks in. They'll give it to them on a piece of paper right then and there.

So that's another alternative that could again make it somewhat more difficult, yet not impossible, for nearby neighbors to use this service that you're providing to your customers.

Problems with open access

Ultimately, it is one of the drawbacks of providing open Wi-Fi access. There is no way of drawing a physical line or ensuring that only those people inside the place can actually use it.

The only other solution that I'm aware of is not use Wi-Fi at all - but actually provide wired internet connectivity.

Unfortunately, especially with all of the different wireless devices that are out there right now, including tablets and iPads and phones and such, that doesn't even solve the problem for a lot of people.

So, ultimately I'd have to just come down on the side of changing the password on a semi-regular basis, probably daily to begin with, and if it continues to be a problem then take the password down off the wall and have people ask for it at the counter.

(Transcript lightly edited for readability.)

Article C6345 - March 10, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

10 Comments
Doug
March 10, 2013 1:10 PM

One could also log the Mac addresses that are connecting, and reject any 'frequent flyers' using the router's "Deny Mac Address" feature.

Ken B
March 11, 2013 9:50 AM

Many routers have "MAC address filtering" as part of their security settings. The typical use is to give a list of "allowed" computers, and deny access to everything else. Obviously, this is not what you want if you're providing an open hotspot for your customers. However, I just checked our router, and it also has the option to give a list of MAC addresses to deny access to. (In other words, allow all computers *except* those listed.)

Note: The specifics on *how* to do the following varies from router to router, so I can't give specifics w/o knowing the exact make and model.

Set the DHCP "life" to something short (but not "too short"), such as 60 minutes. This basically means that the router will "drop" any connection that isn't used for over an hour. (It's actually more involved than this, but at the most basic level, it means that the router won't keep a connection for a customer that left some time ago. Customers who are there for more than an hour, and keep using the connection will never notice anything, since the DHCP connection will be automatically renewed.)

At some point, if you check the router's DHCP client list, you'll notice the same MAC address just seems to hang around, even though your customers keep coming and going throughout the day. This would either be your own computer(s), or your neighbor's.

You can check your own computer's MAC address by opening up a command prompt (start / run / "cmd"), and typing the command "ipconfig /all | more". The MAC address is listed as "physical address". You may have more than one adapter listed with an address, so write them all down. (Type "exit" to exit the command prompt.)

Once you have your neighbor's MAC address, simply add it to the ban list.

One more thing to add: Today's computers allow you to change your MAC address, so it's possible for your neighbor to connect again if he finds out how you blocked him. If that happens, find the new MAC address and block it. Repeat until your neighbor gets tired and sponges off someone else.

Mark J
March 11, 2013 1:33 PM

If you have the capability, you can have the cash register print the current password on the receipt. Of course, that probably wouldn't work in a laundromat, but if someone reading this wants to protect internet access in a coffee shop of something like that.

Scott Currier
March 12, 2013 9:42 AM

I agree that mac filtering is a good first step and may solve the problem.

Instead of a lead shield it may be possible to place the wifi base station such that the signal outside your laundromat is minimized.

A box with aluminum foil placed along the bottom and sides and then placed upside down over the wifi base station should attenuate the signal noticably and may make it difficult or impossible to access the wifi base station outside of the laundromat. Make the box big enough so that the wifi base station doesn't get too hot.

If you have a basement, put the wifi base station in the basement.

Once you have taken steps to minimize the signal outside of your business, the next step is to take a notebook computer and check and see how far outside the signal is accessable to determine if you need to do more work or if the signal is weak enough to minimize the chance of anyone unauthorized is connecting to it.

Of course, after hours, you'll want to keep an eye on who connects to the base station. You can do this remotely by logging into the base station. If you have people connected and your business is closed, MAC filter them out.

Some base stations can be set to automatically turn off the wifi or seriously restrict access on a time of day basis. Thus you may want to look into this feature and shut off wifi or shut off web access after business hours. That way if someone does connect, they won't be able to do much.

Scott Currier
March 12, 2013 10:01 AM

One last thing, I have seen in the past wifi base stations that were designed with this application in mind. One had a port for a label printer that would print each customer a unique password. I did a search and unfortunately couldn't find any such routers but I am sure they are still available.

In the meantime, I would look at router placement as well as steps to attenuate the signal to a point where outside the laundromat it's very weak. Couple that with Mac filtering if it's requried and you should be all set.

If I were in your position I would also look for a base station that allows you to vary the power output. The typical power output of a wifi base station is about 20mw. If you could cut that down to 2mw that would be a 10db decrease in signal strength. The signal in the laundromat should still be usable but outside it's going to be 10db weaker. The Ubiquity Nano Stations allow you to adjust power but I am not sure how low they go.

If the wifi base station has an external antenna I would start by unscrewing the antenna and checking range. Chances are it's not going to be. So, you use a small pice of solid copper wire or even a paper clip as your antenna making it big enough to barely cover the laundromat.

Mind you, at 2.4 gHz the antenna is likely only to need to be an inch or so. Very small.

Doing this is very bad practice and purists would jump up and down but due to the low power levels involved I doubt that you're going to damage the transmitter. If you do, so what, base stations are available for under 20 bucks. We're not talking a lot of money.

With a poor enough antenna you should be able to create a cell size of 20 or 30 feet from the base station which should be adequate.

When you do your testing, use a notebook computer with built in wifi. The wifi built into phones typically isn't very good and while the phone may show no signal at 30 feet, a notebook with a good wifi antenna built into the screen may show signal at 100 feet or more.

If you need greater wifi range for your employees or yourself, use a separate base station for your own use and protect it with it's own key.

One last option. If you don't care that some people won't be able to connect. Use a dual band base station and shut off the 2.4 gHz access point and use only 5 gHz. 5gHz does not have nearly the range of 2.4 and you may find that there are no 5 gHz users within range outside of the Laundromat. More and more devices are supporting 5 gHz. As time goes on, the option of dropping 2.4 and using only 5 gHz will be more and more attractive if you want to tailor the cell size of your wifi to match that of your property or business.

Good luck.

BillP
March 12, 2013 10:36 AM

On the other hand, you could just ignore your sponging neighbours (on their conscience be it...) and spend your time on something more fruitful and carefree.

If you're not quite prepared to ddo that, why not engage the graspy neighbours with a cheery greeting and a few minutes' idle chitchat (but let it be know that you are the operator of the nearby laundromat). I bet the surreptitious poaching dramatically decreases once they have a human face in mind.

You could also rename your connection something like "You're welcome to use this network. In return, please patronise Such-and-such laundromat."

Robert Coates
March 12, 2013 12:07 PM

What about using directional antennas instead of antennas that send the signal out in all directions?

I also agree with the comment that you might just want to ignore it and spend your time on something more fruitful. Solving this problem may be more trouble than it is worth. However, maybe the reason you're trying to solve it is the connection gets really slow from so many people using it? If that is the case, many routers can block certain sites or sites based on keywords, so you could filter out adult sites or sites that take a lot of bandwidth like YouTube.

Steve
March 12, 2013 12:41 PM

OK,
1) A shield does not have to be lead, it can be foil or foil-faced foam for example, or a wire mesh and it will help a lot. This is not an altogether bad idea, I would consider it.

2) You are probably concerned about excessive use of bandwidth. You could usea Gargoyle equipped router (look it up) to put quotas and/or bandwidth limits on each connection. You could also set times for it to work on the laundrymat's password so that when closed, the system is shut down. You could then setup a additional router/AP and password for the apartments which will have their own passwords that are not published and are not on a time limit.

3) MAC address filtering is a favorite tool/technique of the partially informed. Forget it, ok? For several reasons, it's not practical in most cases, nor effective. Do the research if you really, really need to understand why, or just ignore the suggestion (my suggestion!).

Russ
March 12, 2013 2:31 PM

I have a router (Cisco) that we use at home, and not for the neighbors. One thing the setup allows you to do is set how many users can have an address. I would think that changing the password daily/and or having customers ask for it, adjusting antenna power, potentially trying a shield, having a set time its on would really help control who gets to enjoy it and who can't be mooching off of you. The default for our router I think had like a hundred different addresses available? (Linksys E900), and I changed it to like 10 addresses available. I think I can also adjust the power output on the router. Checking specs could maybe make life a lot easier? What do you think Leo?

snert
March 13, 2013 10:04 AM

For a shield you can use aluminum foil. Cover one side of piece of cardboard, place it behind/around the router's antenna(s) to focus/isolate the signal away from the apartments. A shield could also be made from wire screen.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.