Ambiguous Characters & PPSK’s

  • 2
  • Idea
  • Updated 3 years ago
We have a number of guests who use our wireless, and grant access using the system generated Private PSK's, which is ideal for what we do.

The most frequent problem we face is when the system won't accept the PPSK. The issue is generally a confusion between characters that look the same, such as Zero and the letter O, or a capital i and lower case L. (This is particularly bad when here is more than one pair of ambiguous characters in the password.)

It would be good if the system generated passwords had the option to exclude similar characters as it would cut down on the support issues.

Could this feature be added?

(This may have been raised previously but I haven't seen any updates so I thought it was worth asking again.)
Photo of sx

sx

  • 25 Posts
  • 2 Reply Likes

Posted 4 years ago

  • 2
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Good suggestion. I've already had this on my plans. This is not something we can (or should) do in a minor release or maintenance release, we will have to wait for a major version number change as it will involve changes in all of the Aerohive products that interact with PPSKs. I will try to get this change into the code later this year.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Interleaving with vowels and consonants is a great trick to get something that can be sounded out and people can deal with easier. You can further include special characters if greater security assurance is required.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Mike, has there been any update on this?  When I have asked about this I kept getting the "Use ID Manager" response but, as ID Manager is public cloud only, this is not an option for some of our customers (financial institutions, health care, government departments, etc.) who do not want cloud solutions.

(Edited)
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Crowdie,
I am a little disappointed to admit that there's been no progress on this. The stumbling block is that since it has to be coordinated with changes in HiveManager and because the algorithm changes will affect backward compatibility, we cannot just use any old release of software, we have to wait for a major release. It's still high on my priority list, but you shouldn't expect it in the near term.
Photo of sx

sx

  • 25 Posts
  • 2 Reply Likes

Thanks for the update Mike.

This is a bit of a shame that we won't have a solution shortly as we are continuing to get messages to our helpdesk about this issue - the last one came through at 1:46pm today.

We have a large number of Guest users who access our system, and it does not reflect well on the technology when the users struggle to logon.

Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Is this a feature we can get pushed up in priority for 6.2?
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Mike, any news of this front?  I now have two major customers who are grumpy because of this issue.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Crowdie, 
No, this once again missed the cut for the next release of HiveOS and HiveManager. 
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Mike, is this issue high on the pecking order or is it likely that we will never see it implemented?
Photo of Kevin Whelan

Kevin Whelan

  • 53 Posts
  • 2 Reply Likes
How much longer before this mess gets sorted, Wouldn't it just be easier to change the font so that there was a distinction between I and l. If the screen and subsequent  email was formatted with a better font this would work surely.
I can copy a ppsk into word and change it to times new roman and there is an obvious distinction. Can't you just fix the email and screen font please
(Edited)
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Kevin,
Our customers use a surprising variety of methods for distributing PSKs and PPSKs. They send them via SMS, send them via email, print them on purpose-built dedicated visitor-label printers, and probably half a dozen other methods I am not aware of. 

You can imagine how many of those methods give us control over the final representation. The safest approach is that used in our IDM, where you can tell the system to not permit the use of lookalike characters.
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
I've been waiting for a more in depth customisation of the ID Manager key delivery email for some time.