Understanding the attack helps you pick a defense. The four routes attackers take, in rough order of frequency:
Offline dictionary attack
Attacker sniffs a WPA2 handshake, then runs it against a wordlist of 1B+ leaked passwords. Defeated by length and randomness, not by adding a '!' at the end.
Default & ISP-printed keys
Many router-printed keys are generated from a known algorithm tied to the SSID. Always change the factory password.
Shoulder surfing & sticky notes
The most common 'hack' is reading the password off a whiteboard. Store it in a vault and never display it.
Evil twin / rogue AP
An attacker mimics your SSID. WPA3 and certificate-based EAP defeat this; WPA2-PSK does not.
Ready to retire the WiFi sticky note?
TeamPassword stores, rotates, and shares your team's WiFi credentials — encrypted end-to-end.
Get started free