AirPort: Joining an encrypted WEP or WPA Wi-Fi network
Learn about joining an encrypted Wi-Fi network.
AirPort, AirPort Express 802.11n (2nd Generation), AirPort Express Base Station, AirPort Extreme 802.11n (1st Generation), AirPort Extreme 802.11n (2nd Generation), AirPort Extreme 802.11n (3rd Generation), AirPort Extreme 802.11n (4th Generation), AirPort Extreme Base Station, Time Capsule 802.11n (1st Generation)
Before you begin
There are two common types of Wi-Fi password protection (also known as encryption) schemes that can be used by Wi-Fi base stations. The preferred method is called Wi-Fi Protected Access, which appears as "WPA2 Personal" or "WPA/WPA2 Personal" in AirPort Utility.
The other method, which is older and much less secure, is called Wired Equivalent Privacy (WEP). This appears as "WEP (Transitional Security Network)" in AirPort Utility. Do not use WEP unless it is the only Wi-Fi security type that your device supports, and be aware that it is now very unsecure. If you must use WEP, try to configure your WEP Wi-Fi network on a separate, isolated network segment that contains only the devices that require WEP. Then, use a network router to bridge the isolated WEP network into your main WPA network.
Click the AirPort menu bar icon and choose your desired network. A login window appears stating it "...requires a WPA password." for a WPA network" or "...requires a WEP password" for a WEP network.
Enter your password and click OK. If you don't know the password, contact your network administrator.
For non-Apple wireless WEP networks
If you want to join a non-Apple encrypted wireless network from a computer with an AirPort card, you must use one of two different styles for password entry (which one you must use is decided by the network administrator). They are:
If you were given a password that is plain ASCII text, use the double quotation mark (") before and after the password. These are case-sensitive, and they are at least five characters long for 40-bit encrypted networks or at least 13 characters long for 128-bit encrypted networks.
- Example of 40-bit: "pw123"
- Example of 128-bit: "password12345"
If you were given a password that uses only the hexadecimal range of characters (which are: abcdef0123456789), add a dollar sign ($) before the password. These passwords are at least 10 characters long for 40-bit encrypted networks or at least 26 characters long for 128-bit encrypted networks.
Note: In a hexadecimal password, the dollar sign is called the Hex Escape. It notifies the software that the characters that follow it should be treated as a hexadecimal number. Other possible hex escapes are "0x" and "0X" (zero-x). The "x" may be upper or lower case).
Example of 40-bit: $1234abcdef
Example of 40-bit: 0x1234abcdef
Example of 128-bit: $12345678901234567890abcdef
Example of 128-bit: 0x12345678901234567890abcdef
Note: If you are not sure which type your password is, try both of the methods above, or contact the network administrator for information about your password.
When logged in, the AirPort menu bar icon shows the approximate strength of your wireless network signal. All four signal bars darkened means you have very good throughput. If you don't see this menu bar icon, enable it in AirPort preferences.
Terminology: Derivation of 40-bit and 128-bit
Encrypted wireless networks use either 40-bit or 128-bit keys. The key is conveyed in either eight-bit (ASCII) or four-bit (hexadecimal) encoding.
When using hexadecimal encoding, each character in the final encryption key is four bits long when converted to binary. The 26 characters of a 128-bit key add up to 104 bits. This 104-bit password is combined with a 24-bit random number, called the initialization vector, to create the 128-bit encryption key. The initialization vector is supplied with each packet of information sent and is part of the Wired Equivalent Privacy (WEP) algorithm and 802.11b standard. With 40-bit encryption, the 10 hexadecimal characters equal 40 bits, which are then combined with the initialization vector to create the 64-bit encryption key. In this case the 40-bit name is a misnomer; it is actually a 64-bit encryption key. Consequently, 40-bit may be referred to as 64-bit, in some references.
When using ASCII encoding, each character in the final encryption key is 8 bits. So 5 characters equal 40 bits; and 13 characters equal 104 bits. The same initialization vector is added for the totals of 64 and 128 bits.