dannydb's profile

Thu, Nov 11, 2021 3:37 AM

31-character WiFi password limit is absurd

After three years on a base station running 1.x firmware (the unit would not receive firmware updates), I finally switched over to a new base station running 2.3.10, and out of the blue the new unit won't connect to WiFi using the same password literally dozens of devices in my home connect with because it is longer than 31 characters. The old firmware had no problem with the long password, and now all these "Wi-Fi security improvements' that have shipped in the 2.x revisions means I have to make the password I use for my network less secure.

Really, really disappointing.

And to make matters even more confusing, the cameras in the system will still accept passwords over 31 characters.

Simplisafe, please fix this. A security product should not require less-secure passwords.

Community Admin

 • 

2.9K Messages

Il y a 9 m

Hi danny.debelius,

The current limit for both SSID and Password is still 32 characters (it's a firmware limitation in the Base Station). But the limit was actually even fewer in previous firmware versions. If the same password had previously been accepted, there might be something else going on.

If by cameras, you mean the Indoor Camera or the Video Doorbell Pro, those use a QR code method for entering a password. So they are limited by how many characters can fit in the QR code.

- Davey D.
Community Development Manager
SimpliSafe Home Security

7 Messages

Il y a 9 m

Davey,

If that's the case, then why am I reading a validation error message in the iOS app base station Wi-Fi screen that says "The password must have between 8 and 31 characters.'

32+ character passwords are not possible in the iOS app form input, and are rejected as "incorrect' from the keypad. 31 character passwords work.

Regarding the camera passwords, you can change the Wi-Fi network through the iOS app and that password input still accepts 32 characters.

Community Admin

 • 

2.9K Messages

Il y a 9 m

Hi danny.debelius,

Apologies, just double-checked with our engineering team. Turns out the limit is actually 31 characters, so you're right.

But the limit has been 31 since Firmware 1.1 (prior to that, the limit was 18).

- Davey D.
Community Development Manager
SimpliSafe Home Security

7 Messages

Il y a 9 m

Hi again, Davey.

Respectfully, I can promise you I've been using a 32 character wifi password on the system up until this latest base station replacement, and the previous unit was on at least v1.4 since I've had door locks installed for over a year, so it would seem the engineers are mistaken about how things have changed.

Allowing at least 32 characters for a wifi password is table stakes in networking security, and there are dozens of other devices on my home network that have zero issue with this requirement.

Community Admin

 • 

2.9K Messages

Il y a 9 m

Hi danny.debelius,

That's the mystery right there. Because we are 100% certain that the limit has been exactly 31 for the past several years. It's to do with the limits of the Base Station's memory - we just set it to the maximum. So something might have been different with how you had it set up before.

- Davey D.
Community Development Manager
SimpliSafe Home Security

Advocate

 • 

417 Messages

Il y a 9 m

@Danny,

Assuming you're using a password that's mixed case, alpha numeric, and have thrown in a symbol or two I think you're going to be fine with a password that's "only" 30 characters. Would more than 31 characters be objectively more difficult to brute force? Of course. Is the different between a password with 30 and 32 (or even 30 and 52) meaningful in the real world in practical terms? Not in the least bit. The time it would take to brute force a 30 character password (from within range of your WiFi network to boot) is not insignificant.

I actually keep all my SimpliSafe stuff on my guest network so it's not on my "home" network. You could always set up another SSID so you can keep your main SSID password at however long you feel you need it to be. Then your guest network can be set to "only" 31 characters so your risk of exposure is minimized while you wait to see if they make this change. (I would caution you to manage your expectations that this will be adjusted, by the way.)

1.3K Messages

Il y a 9 m

Yeah, even a 10 digit well mixed password is estimated hundreds of years to crack. Nobody is going to work on cracking your WiFi password anywhere near that long.

Advocate

 • 

2.8K Messages

Il y a 9 m

I'm pretty certain that back in Jan and Feb 2018, there were tons of posts about the 32-character limit for wifi passwords - I remember this well because simplisafe wasn't answering our questions about the new rollout of SS3, and we had several users having to test the character limit (again, I'm pretty sure it was 32).  But, there's no search function to verify that, of course and I'm not going through that far back to verify it!

Advocate

 • 

2.8K Messages

Il y a 9 m

Here are a few posts from very early 2018, the Password limit was in fact, 32-characters (I think the SSID went from 13 to 32 after a firmware update).

https://simplisafe.com/forum/customer-support-forum/installing-and-using-simplisafe/new-version-same-wifi-passwor

https://simplisafe.com/forum/customer-support-forum/installing-and-using-simplisafe/wi-fi

https://simplisafe.com/forum/customer-support-forum/installing-and-using-simplisafe/base-station-wifi-troubles

Community Admin

 • 

2.9K Messages

Il y a 9 m

coltmaster1,

You're right that we did say that the limit was 32. There was a discrepancy in our internal resources, so unfortunately we had been giving out incorrect information. I sincerely apologize.

But the actual limit in the code was 31. I had to double-check with our engineering team, and had both the Help Center and our own internal documentation updated with the correct info.

- Davey D.
Community Development Manager
SimpliSafe Home Security

Advocate

 • 

2.8K Messages

Il y a 9 m

Hmm, I wonder though, it seemed like some people were actually using the limit (32), so is it now 31 or 32?  And what is the limit for SSID now?  (sorry for confusion, it doesn't affect me personally, just would like the info for future reference).

2 Messages

Il y a 4 m

I actually just found this out and am sending my entire sysetem back.  I worry about their programming capabilities if they have limits on passwords. 

I would like someone from the engineering team or programming team to tell me why they are limiting the length of a password that is controlled by my wifi.  It makes absolutely no sense to me.  Nest has no issues with it, apple has no issues with it, sonos has no issues with it, ikea has no issues with it, ADT had no issues with it, every laptop I have owned has no issues with it. Why would Simplisafe limit the length?

(edited)

Community Admin

 • 

2.9K Messages

@rfrconsult​ we understand the frustration. It's not that we're forcing a limit on purpose. It's just an unfortunate restriction in the amount of information that the Base Station is able to store - at least right now.

Also to be clear, it is also not that our system is imposing a limit on your whole WiFi network. The limitation is just in what the Base Station can support. What we would recommend in this situation is to set up a secondary, or Guest-level network on your WiFi that only your SimpliSafe components can connect through.

4 Messages

Il y a 3 m

Once into two digit lengths, quality is more important than quantity.