But if the friend who got the password via Wi-Fi Sense has access to the network, that means that at some point, the password had to be in clear text on their computer (since otherwise it wouldn't be able to authenticate to the network). This means that at best, they use reversible encryption, and at worst, it's just stored in cleartext somewhere (this being Microsoft, my guess would be in the registry).

I guarantee that someone will create a tool to get wi-fi passwords shared to them if there isn't one already.

> This means that at best, they use reversible encryption, and at worst, it's just stored in cleartext somewhere (this being Microsoft, my guess would be in the registry).

The status quo is that your password is already stored on their computer with nothing better than reversible encryption.

The status quo is that random business acquaintances and whoever gets automatically added to contact lists via some vulnerability (just wait, it'll happen) do not have my wifi password. Not on their machine, not to share, not access at all. I like it that way. We have something-guest as a SSID for a reason, after all.

You'd need to look up the details, but I think the key derivation for WPA allows you to store a hash of the password. It's almost just as valuable, but technically means you don't have the plain password.

Hmm, interesting. It sounds from your comment like you would still be able to replay the hash in order to connect though, unless there's a bigger system at play that I don't know about.

Yea, I have described the details in another HN comment before.

Perhaps, but as I understand it if I do or have in the past given my friend the wifi password, it will then be automatically shared with his/her friends?

And what if I don't want my password to be stored on Microsoft servers where it can be accidentally leaked, stolen, handed to security agencies, and so on?

No. It will not be automatically shared.

> Sharing your password via Wi-Fi Sense to your friend gives him access to the network, but no knowledge of your password and no ability to share it.

Are you sure? Does "netsh wlan profile SSID-Name key=clear" not show it after you've connected?

You know, you can always ask your friend to let you enter the password on his computer yourself without telling them. It will be stored on their computer in both cases anyway.

If you are already doing that, then you also don't have to worry about WifiSense as the checkbox to enable it for that SSID is right there (and only there) and you can make sure that you don't check it when you type in your password.