You’re in a client’s office or a friend’s house, and you have to get online. No problem: you just fire up your Mac, wait a couple of seconds while AirPort automatically finds any 802.11 networks within hailing distance, and, boom, you’re online, right? Not necessarily.
If your host is using an AirPort Base Station, it often is that simple: your Mac will alert you to the presence of the network and then ask you for the password. But if it’s a non-Apple network, getting on can be anything but simple.
Finding a Network
No matter what kind of wireless network you’re trying to log on to, the general process is the same: find the network and then supply a key to log on.
If the network is open, and if you’re using OS X 10.2 or later, that first step is simple: Your Mac may automatically alert you to the network and ask whether you want to join. If it doesn’t, click on the AirPort icon on your menu bar and select the network you want to join. If there’s an open network available, it should be on the list. (Or you can launch Internet Connect and click on the AirPort tab to select the network.)
Closed networks, however, won’t make the list—you’ll have to tell your Mac which network you want to join. To do so, get the network name from your host, click on the AirPort icon, and select Other from the drop-down menu. That’ll call up the Closed Network dialog box, where you can fill in the name of the network.
Logging On to WEP
Once you’ve selected a network to log on to, OS X will find out whether it requires a password. If it doesn’t, you can skip the rest of this article—but you might want to tell your host about the hazards of unsecured wireless networks, and you should definitely be careful about the kinds of data you transmit through the unprotected air.
If security is turned on, the AirPort dialog box will, by default, ask you for a WEP Password. But if you click on the Wireless Security drop-down box, you’ll see at least three more options: WEP 40/128-bit hex, WEP 40/128-bit ASCII, and LEAP (See screenshot). Figuring out which one to use is a process of trial and error.
Start by leaving the WEP Password option as is and entering the password you were given. If that doesn’t work, take a look at the password.
If it’s ten or 26 digits long—for example,
try selecting WEP 40/128-bit hex and giving the password another try. If the password is a five- or 13-character chunk of text—such as
—try WEP 40/128-bit ASCII instead.
Occasionally in OS X 10.2 (and always in older versions of OS X, as well as all versions of OS 8 and OS9 that support AirPort), the only WEP option you’ll be offered is WEP Password. In those cases, if you have any trouble logging in, try putting a dollar sign ($) in front of hexadecimal keys or surrounding ASCII keys with straight quotation marks—”frisk”.
Joining the WPA
Some Wi-Fi networks may offer two other security options: WPA Personal and WPA Enterprise. (
for the lowdown on WEP versus WPA.) Unfortunately, only OS X 10.3 supports WPA; if you’re using an earlier OS, you won’t be able to log on.
OS X 10.3 is good about detecting when it needs a WPA password; but if it doesn’t, if you’ve already tried the various WEP options with no luck, and if your host can’t tell you what kind of security is in use, then try specifying WPA Personal from the Wireless Security drop-down menu. A WPA Personal key consists either of a combination of letters, numbers, spaces, and (some) punctuation marks, or an absurdly long (64-digit) sequence of hexidecimal code. (Jaguar and Panther can tell without prompting when it’s the latter.)
As its name implies, WPA Enterprise is most common in large companies. It relies on a server that doles out a different key to each user. If your host hands you a login name and a password, select WPA Enterprise from the Wireless Security drop-down menu. If that doesn’t work, try the LEAP option (see “Keys to the Corporation”, next page).
Whatever kind of key you’re entering, type carefully: the characters are stealthed as you type, so it’s easy to enter the key incorrectly.
In the Enter Password dialog box, you have the option of storing the password in the Keychain. Be careful—if you opt to store the key but then enter the wrong password, you’ll have to go to Applications: Utilities: Keychain, find the network’s entry, and delete it before trying again.
Easier Road Ahead
This could all get a lot easier in the future. The company that supplies Apple’s Wi-Fi chips has recently introduced a system called SecureEasySetup, which lets network administrators generate and distribute strong WPA keys with the push of a button. Apple hasn’t announced yet whether it’ll sign on.
For the time being, you’ll just have to rely on careful typing.OS X can’t tell what kind of encryption a closed network uses, so it presents you with all the possible options (top). If you aren’t running Panther, WPA won’t be a choice (bottom).
Keys to the Corporation
Businesses often use more-sophisticated security protocols to protect their wireless (and even wired) networks. They come in a bewildering variety of acronyms—LEAP, EAP-TLS, MD5, and more. But most of these systems are compatible with one common standard known as IEEE 802.1X.
Unlike WEP and WPA, under which all users use the same keys to get onto a wireless network, 802.1X-based security systems provide individual keys for each user. Here’s how it works: You log in to a wireless access point, using a user name and password. Before the access point will allow you to do anything, it checks with a server. If the server agrees that your user name and password are kosher, it’ll issue an “accept” message to the access point, which will then let you in.
Apple added support for 802.1X in OS X 10.3. To use it, your host will have to give you a user name and a password. With those in hand, you launch Internet Connect and then select File: New 802.1X Connection. (If that option is grayed out, click on the 802.1X tab in the Internet Connect application.) Select Edit Configurations from the Configuration pop-up menu, and then click on the plus sign (+) in the lower left corner of the configuration window. Enter a description of the configuration in the Description field, choose AirPort from the Network Port pop-up menu, enter the user name and password in their respective fields, and then choose from the Wireless Network drop-down menu.
In the Authentication area, deselect all but the protocol your network host tells you is in use. If the network uses EAP-TLS, the network administrator will also have to give you a digital certificate, which can be installed via Keychain. Click on OK, and then click on Connect to start the connection.
Check it Out
Mac users now have another way to get online on the road:
has finally released an OS X version of its software. Boingo is a hotspot aggregator. Thanks to the company’s partnerships with Wayport, STSN, Surf & Sip, and other network providers, Boingo customers can log in to more than 10,000 Wi-Fi hotspots around the world—in coffee shops, restaurants, airports, and convention centers—with a single user name and password. The Mac version of Boingo works with Apple’s AirPort software to sniff out wireless hotspots; it also includes an automatically updated directory of all the hotspots in the network. The software is downloadable for free; subscriptions to the Boingo network cost $7.95 per day and $21.95 per month.—
802.1X—which OS X 10.3 supports—adds a new layer of security to wireless networks. It relies on authentication servers, which check your user name and password before letting you use the wireless network.