Ubuntu Is Storing Wi-Fi Passwords in Clear Text by Default

The problem can be easily corrected by the users with just a few clicks

  Ubuntu 13.10 desktop
Ubuntu operating systems are storing the Wi-Fi profiles, including the clear text passwords, outside the home folder, making them a lot more accessible.

Ubuntu operating systems are storing the Wi-Fi profiles, including the clear text passwords, outside the home folder, making them a lot more accessible.

A user has pointed out that the Wi-Fi passwords are not encrypted because they are stored in a folder outside of Home, which can be encrypted during the installation of the operating system.

“I recently stumbled over the fact, that NetworkManager by default stores Wifi profiles *including clear text passwords* under ‘/etc/NetworkManager/system-connections/.’ I think that is not what one expects when he/she turns on home folder encryption and should because of that be corrected somehow,” said Per Guth on the mailing list.

A Ubuntu developer has explained that this issue is caused by the fact that the option “All users may connect to this network” is enabled by default.

Open network indicator -> Edit connections -> Select network -> Click edit -> and in general tab untick “All users may connect to this network.”

Unchecking that particular option will move the password in the appropriate folder, but it's unlikely that the vast majority of users are even aware of this fact.

It remains to be seen if something will change in this direction or if it's just enough to educate the users.

16 Comments