Windows 10′s Wi-Fi Sense: What's Really Going On

Ever since Windows 10 hit PCs around the world last week, there’s been a brewing controversy over one of its marquee features: Wi-Fi Sense, which is designed to make it easier for Windows users to log into Wi-Fi networks. On by default, it lets you share access —in the form of the router name and password, both encrypted — to a Wi-Fi router with your friends and contacts on Facebook, Outlook.com, and Skype. Your friends, in turn, can share their access to other networks with you.

For some, this could be a handy feature. For others, it could sound like a security nightmare. Handy or hazardous? Here’s what we know about it.

What is it?

As noted, Wi-Fi Sense is a feature in Windows 10 that lets you share the login credentials — network name and password — for your home or other Wi-Fi router with friends and contacts. Crucially, it does so without letting them see the actual password (see below). It also lets you automatically connect to open Wi-Fi networks.

How does it work?

That last part — automatically connecting to open networks — is pretty straightforward: Microsoft has a database of open Wi-Fi networks (typically public routers that don’t require a password); that database is crowd-sourced from other Windows users. If you come within range of one of those networks, your Windows device will connect to it automatically.

Wi-Fi Sense’s other feature — the ability to share access to Wi-Fi networks — is a bit more complex: When Wi-Fi Sense is activated (and, again, it’s turned on by default), Windows 10 will offer you the option of sharing the login credentials every time you connect to a new router. You can also share access to previously saved Wi-Fi networks.

Once you choose to share access to a given network via Wi-Fi Sense, Microsoft encrypts the credentials and pulls them up to the company’s servers over an encrypted connection.

Next, Microsoft distributes those access details (still encrypted) to contacts of yours who are running Windows 10 on PCs, tablets, or smartphones. If those friends ever come within range of the router for which you’ve shared access, Windows 10 will automatically connect them — without ever letting them see the actual credentials.

There’s one last catch: You can’t receive a Wi-Fi Sense login from your contacts until you share access to at least one router yourself.

How do I turn it on or off?

For Windows 10 PCs, click on the Start button in the lower left-hand corner and select the Settings app. Next navigate to Network & Internet > Wi-Fi. Now scroll down towards the bottom of the screen and select Manage Wi-Fi settings.

On the next screen, under Connect to Suggested Open Hotspots, you can enable (or disable) automatic connections to open hotspots. If you want to receive Wi-Fi network login details from your friends, go to Connect to Networks Shared by My Contacts on the same screen.

You need to have that setting turned on first before you can share any of your saved Wi-Fi credentials. Assuming you’ve done so, go to For Networks I Select, Share Them With My and select the contact lists you want to share with: Facebook, Outlook.com, and/or Skype.

Next, scroll down until you see the names of your saved Wi-Fi networks under the Manage Known Networks heading. Click on the name of the router whose credentials you want to share and click the Share button. You’ll then be asked to re-enter the Wi-Fi password before it can be shared.

To stop sharing, click on the same router name and select the Stop Sharing button.

In both cases, Microsoft says it may take a few days to distribute or erase shared access for a given router among your contacts.

Why would Microsoft implement such a thing?

Making it easier to connect to open Wi-Fi networks is already a common feature available on some mobile devices.

As for sharing Wi-Fi credentials: You know you already do it, but ask yourself how. Email? Instant message? Illegible handwriting on a crumpled piece of paper? However you do it now, chances are it’s (a) not secure and (b) a pain. Wi-Fi Sense solves both of those problems.

Why is this better than just writing the credentials on a piece of paper?

As noted, it’s safer; the people you’re sharing with never know the credentials themselves. And if someone does enter your router password manually from a piece of paper, they then have access to that router for as long as they save the password on their PC. With Wi-Fi Sense, you can revoke access whenever you want.

Is it safe?

There’s always the chance a crafty hacker will find an exploit that exposes Wi-Fi Sense credentials or wreaks other havoc. But it’s still more secure than whatever method you’re using now. Think the passwords you’ve already saved on your PC are safe now? Download the handy utility Magical Jelly Bean Wi-Fi Password Revealer; that’ll show you every single Wi-Fi password saved on your computer.

Won’t this mean that everyone I know, and everyone they know, has access to my home Wi-Fi?

No. Microsoft distributes your Wi-Fi password in a way that your friends can’t see, and Wi-Fi Sense does not allow your friends to re-share with anyone else.

Which of those three networks — Facebook, Outlook.com, or Skype — is safest?

That depends on several factors, principally: What do you use each network for? And which of those contact lists is largest?

As a general rule, the largest group of contacts will be the least secure. Next, figure out where you have the largest concentration of real friends. If, for example, you restrict your Facebook contacts to people you know in real life — personal friends, family, and close colleagues — that’s probably a good choice. But if you’ve been accepting friend requests from complete strangers, you probably don’t want to share your credentials with them.

Will this open my home network to a bunch of total strangers?

Not unless (a) the network you’ve shared with includes total strangers and (b) you explicitly share access to your router over Wi-Fi Sense. Even then, the people you shared with would have to park outside your house in order to gain access to your Wi-Fi. And note: People who do get access to your router via Wi-Fi Sense can only use it to access the Internet; they are prevented from seeing any shared folders or other devices on your network.

What else should I worry about?

With or without Wi-Fi Sense, you should always practice good router hygiene, which means  using a random, hard-to-guess password; setting a separate password for your router’s administrative dashboard; and securing the router with WPA2 encryption.

What about work? I connect to a Wi-Fi network at the office, will those passwords be safe?

Your router logins at work are safe unless you choose to share them with others. Remember, Wi-Fi Sense does not share router access without your consent.

If you’re a small business owner whose employees bring their own devices to work, there are some risks, but there are also a couple of ways to mitigate them. You’d want to establish a strict employee policy of not sharing work Wi-Fi login details. You can opt out of Wi-Fi Sense altogether by adding the string _optout to your router’s ID. Or you could set up enterprise-grade 802.1X Wi-Fi, which can’t be shared.

If you provide PCs to your employees, Microsoft suggests that you manually enter your business’s Wi-Fi password into each machine, without allowing your employees to see or memorize it. (Unfortunately, if they’re really determined, crafty employees could get past by using that Magical Jelly Bean utility or something similar.) Also, make sure that the Share Network With My Contacts option is unchecked when entering that password. Otherwise, you’ll end up sharing the work Wi-Fi password with your employees’ Wi-Fi Sense contacts.

Still have questions about Wi-Fi Sense? Check out Microsoft’s own FAQ on the subject.