| Internet-Draft | WiFi Phishing Resistance | June 2026 |
| RelunSec | Expires 9 December 2026 | [Page] |
This document proposes a phishing-resistant authentication mechanism for home Wi-Fi networks using hardware security keys (e.g., YubiKey) alongside traditional passwords to mitigate Evil Twin attacks.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 9 December 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
i'm RelunSec a security researcher, my mission is to improve WIFI security¶
We faced a lot of problems, because of those evil twin attacks against WIFI home networks, those are used to obtain victims wifi passwords, that why i'm a security researcher, i'm here to propose that¶
the thing is WIFI will support phishing resistant methods like yubikey alongside passwords¶
i wanted to propose that to improve WIFi network security, after that proposal even attackers used evil twin and phished victim wifi passwords they need a yubikey to authenticate to the network. a yubikey cannot be phished, like with websites yubikeys cannot be pished and phishing resistant methods¶
yubikey support is an available option, will be not mandatory passwords will be the first method and then will prompt you to insert a yubikey, after inserting it the WIFI connection will successed else fails if not enabled will be the current behavior.¶
1- Future routers will have yubikey support option, you go to the router interface and register the yubikey 2- Then you activate yubikey option 3- reboot the router 4- all devices will be disconnected, to connect enter your normal password and then insert your yubikey 5- Now you are connected safely to your wifi network, there a no worry anymore about evil twin attacks¶
This document describes a security enhancement. The use of hardware-based multi-factor authentication (MFA) significantly reduces the risk of credential theft via Evil Twin attacks. By requiring a physical presence gesture (such as a YubiKey tap), even a compromised password is insufficient for an attacker to gain access to the network.¶
This document has no IANA actions.¶