What Is a Wireless MAC Authentication?

By Ruri Ranbe

Most computers have two MAC addresses -- one for the wireless card and one for the Ethernet card.
i Thomas Northcut/Photodisc/Getty Images

A lot goes on behind the scenes when a computer attempts to connect to a wireless hot spot. You can use your PC every day without knowing -- or needing to know -- its media access control address, but your router checks it every time you sign on to your network. You can utilize this function of your router to strengthen your network's security.

Basics

A MAC address is also referred to as a hardware address or a physical address. The address consists of 12 characters, or hexadecimal digits. Unlike the decimal numerical system you use in everyday life, the hexadecimal system consists of 16 digits: the numerals 0 through 9 and the letters A through F. For example, "00:11:22:AA:BB:CC" (without quotes) is an example of what a MAC address might look like. The first three groups of digits identify the manufacturer; the last three groups of digits represent a serial number. To find your MAC address, press "Windows-W" and search for "connections." Then click "View Network Connections" and double-click "Wi-Fi." From there, you can click the "Details" button and find the information listed in the Physical Address field.

Purpose

A computer needs an Internet Protocol address to communicate with other PCs on the Internet. A router assigns IP addresses to computers on a network. Like a MAC address, an IP address is unique to a PC; it's used to locate and identify a device on the network. If two devices sharing the same MAC address tried to connect to the router, however, the router wouldn't know that the connection requests were coming from two different computers. Depending on how the network is configured, it might assign an IP address to one device and then refuse the connection from the other.

Authentication

Most routers enable administrators to block or allow clients on the network using a feature called MAC address authentication, or MAC address filtering. In enterprise environments, information technology staff enter into the filter the physical addresses of all office workstations allowed to access the network. This process helps to protect the network and its connected clients by blocking out unauthorized users. When a computer attempts to connect to the network, the router authenticates the device's MAC address. That means the router uses the MAC address to identify the computer; if the address is allowed through the filter, the router then authorizes the computer to establish a connection with the network. Consumers can also use authentication to protect their networks; MAC filtering is especially important if you do banking or access other confidential information from your PC.

Workarounds

Hackers can clone, or spoof, MAC addresses to get around the filter. Attackers can use sniffing software to find legitimate addresses and then use the Windows Registry or third-party tool to change their network cards to match an available identifier. Once the hacker has configured his computer to use a viable address, he can sign on to the target hot spot and potentially spy on data sent over the network.

×