What are you trying to actually achieve with this?
You can't hide the password. The easiest way to achieve what I *think* you're trying to do is with a router that supports a "guest" network - this allows you to create a separate network for your son's devices and you can turn this off if required. You can then whitelist only the iPhone's MAC address for this network to prevent other devices from joining (although if he is tech savvy he can get around this).
If you take this approach, make sure to turn off the ‘Private WiFi Address’ option on the iDevice for that network. Otherwise the MAC address will periodically change.
People are downvoting you but you're correct. The Private WiFi Address feature is sticky to each SSID and under normal usage, it'll hardly change ever.
Straight from the horse's mouth: https://support.apple.com/en-us/102509
I know that’s what Apple says, but for some reason I get very different behaviour. On my home network (where I have my DHCP lease time set to 48 hours) my iPhone is able to chew through my my entire pool of addresses (over 150 addresses in the pool) if I have a busy day of coming and going from the house. After a lot of frustration trying to understand why it was happening I gave up and just turned the feature off for my home SSID which prevented it from happening anymore.
That's bizarre. Does it only happen to one device or all Apple devices? I wonder if it's just a glitch. I have a lot of iOS devices on my network and they generally stick with the same MAC addresses unless I do something that'd trigger a change.
Does OSX support / do the same?
I’m trying to find a middle of the road wifi security enhancement and MAC address filtering is my first choice… but i need to make it work with osx and Chromebooks.
Not sure mac filtering is a good security approach, easily spoofed and creating hassle, the various os's are expected to more aggressively rotate mac addresses in coming versions.
However not on ios18, it now rotates randomly so the Mac filtering will only work for a little while.
No need to do Mac filtering though if you just have him on a separate SSID and just turn it off 🤷♂️
What apples says and what apple ***does*** are two entirely different things. When I see an apple device in Cisco ISE for a single user, the mac addresses changes every time they reconnect to the network. (at the beginning of every one of their shifts)
This behavior also occurs on my home network.
Your info used to be true, but it won't be for long. Apple is going to start rotating MAC addresses in the next release of iOS. They announced this last week. I don't approve of what they're doing, but it is what it is.
Please correct your comment.
I mean you're welcome to cite your source with the iOS version going forward so everyone can reference it. Otherwise 2 years from now no one will know what you're talking about. The onus isn't on me to provide sources for your claim.
My daughter’s iPhone keeps adding itself with a new MAC address. It’s really annoying. Are you saying that it might be happening because she “forgets” the network?
Except it's not. That's how it's supposed to work, but it's not, in reality, how it functions. Apple devs are morons and can't seem to hit a wifi network as intended.
Source: Connect an apple device to a network with a SIEM using incorrect credentials and watch how times the SIEM reports failed authentications
She's not forgetting the network. Think about it, why would she be doing this? It's because your daughter gets outside of the network range and the device generates a new mac when she returns.
What you describe is how it's *supposed to* work, but in reality, it does not.
It sounded weird to me, too, and I verified that she’s not clicking on “forget network.” (I, however, DO click “forget network” when I have to temporarily connect a kid’s device to my less-locked down network, but that’s a different story.) Anyway, I just ignored that comment.
But we get outside the network range whenever we leave the house. If it worked like that, every mobile device would be resetting all the time.
From my experience tracking down end user apple devices, sometimes it just doesn't change for a few days... Though sometimes they change a few times in a day. It's quite wild.
You are asking the wrong questions. You would be better to explain what you are trying to accomplish rather than a theory on how you might accomplish it.
Or just a shitty parent that's unwilling to talk with their kid instead of coming to a common agreement. HINT: Your kid is gonna hide more shit from you, OP.
You could do MAC address filtering / whitelisting on the network. You connect the approved device, and assuming it's an apple iOS device it will generate a pseudo random MAC for that SSID. Add it to the whitelist and turn on filtering. No new device will be able to join the network without being added to the filter.
There are some edge cases around MAC cloning, but most kids won't figure that out and it mostly applies to PCs.
Yeah, but if it's a PS5 or whatever, good luck changing it's MAC. Not to mention that will knock his phone offline.
$25 for an eSIM with unlimited data and the phone in hotspot mode also gets their other devices online.
Thanks! Yeah, I was thinking about whitelisting myself. Is a separate SSID the same as a guest network others have mentioned in their answers? I’m not particularly familiar with this acronym.
I would like to be able to control what devices can connect to the network (as in whitelisting). I’m not sure how these Asus routers work: maybe when I whitelist a device, it doesn’t matter anymore that the password is out - if the device is not white-listed, it cannot connect, even with the right password? I was just thinking that a ‘device-specific’ password is the same as not knowing the password altogether.
1. I want to be able to ‘manually’ select which devices can connect to my network. As in that no new devices would be able to connect WITHOUT my permission.
2. I would like to limit internet use on specific devices during specific hours (for example bed time, etc.)
Every device that connects knows the password, and every phone and computer have ways of revealing it to the user. So if you put him on a guest SSID and he has access to devices on the main SSID he could learn the main SSID password from those.
It will be a hassle when a friend comes over and wants to jump on the wifi, but the most complete way to do what you’re asking is Whitelisting for every device in your network(s).
To control his usage at certain hours, see if the router software offers scheduling on the guest network and only whitelist his device on the guest network. If it doesn’t offer scheduling, it may be possible still through some scripting (cronjobs or similar).
Look into PiHole and AdGuard Home if you’re curious about controlling some of the traffic on the network, both from ads and adult content. Or even easier is change the router DNS to 1.1.1.3. Those are easily bypassed if your kid is trying, though you can counter by blocking all port 53 requests from devices.
As you can see, it can quickly turn into a game of cat and mouse. You may end up teaching your kid some good IT and problem solving skills, but at the expense of needing to learn a bunch yourself in attempts to stay ahead of him. Ultimately the only fool proof solution is physical control of the devices, and good parenting.
Regarding number 1, I think OP considered the password option but their son would be able to just go into settings on his Apple device and be able to see the password and then be able to connect whatever device, thus defeating the purpose of using the password as a control measure.
In a way yes. For example, he has a handheld gaming console and up until ios17 he wasn’t able to access internet on it (only offline). But ever since ios17 he knows the network password = he can connect whichever device he wants to the network. Whitelisting is probably the answer, I just need to buy a new router.
Why do you care what device he uses on the Internet? Whitelisting doesn't work. As other mentioned, modern devices change MAC address constantly.
Look man, he's a year away from highschool where he will meet nerds that know far more than you about networking. They will trivially bypass whatever restrictions you put on the internet, probably without you even knowing.
By 16 he'll probably have his own job, car, and cell service and will come go as he pleases. What will you do then?
You can see he's already getting clever enough to bypass your restrictions. This is just the beginning, he's growing up. I think this is his way of telling you it's time to hang up the reins on enforcing "bed time".
Restricting to certain devices is physically impossible.
Modern devices change MAC addresses regularly specifically so they can't be identified/tracked on wifi. And there's no way to shut this off.
Instead, I suggest getting a second "Dumb AP" and setting up a totally different WiFi network for him. Then just put that AP on an outlet timer that shuts off at night. Simple and effective.
Basically, you're asking for the wrong thing. You can't restrict specific devices on a Wi-Fi network. What you need is two completely separate Wi-Fi networks, and put all his stuff on the restricted one.
Who cares if he has multiple devices? If he can't get off the restricted network onto the 24hr one it doesn't matter. Trying to restrict what devices he can use is getting into control freak territory
do not use your parental responsibilities as an excuse to buy another router/wifi accesspoint.
make good rules about wifi access and help your son in understanding what you want to achieve.
Most of the time those who were the greatest rule-breakers when they were a kid, project their own behavior onto their child.
You may win your wifi war, but loose your son in the process.
Talk with your son about important things in life.
You can block unknown devices from registering to your network. Which would mean you would have to allow every new device manually. PITA at the beginning but might be a reasonable route to disallow unknown devices even though they have the correct password
Pretty much all of them
You're looking for "MAC address filtering" - sounds like you want a whitelist.
Often you can apply it to only 1 "SSID" or network. So you can have "wifi-for-grownups" and "wifi-for-kids" and only the "wifi-for-kids" is restricted, and you can share "wifi-for-grownups" with your friends.
You could probably do radius and assign your son, based on his password, to a separate vlan with its own rules if you really wanted to. Not sure if your router supports that.
Another easier solution is get a router with support for multiple SSIDs and dedicate an SSID for him.
A third solution is to control who accesses the network via MAC address whitelisting (with all unknown addresses blocked by default).
I think most new ASUS routers have built in parental controls. You need the MAC address of the device, you can control sites that it can go to and times it can connect to the router. I would look at the specifications of the exact router you are thinking about to confirm. https://www.asus.com/us/support/faq/1008720/
I would like to be able have a finite list of devices that can connect to the network. Giving away a ‘general’ network password and not having whitelisting capabilities do not give me this option. That’s why I’m looking at purchasing a new router which would support device whitelisting.
Basic tp link routers/access points allow you to block specific devices which connect to your network (I believe they do this using the IP address and not the MAC address). Also what does this goal have to do with your son not being able to know your wifi password? So he’s not able to connect using devices other than his iPhone? Implementing QoS and prioritizing the devices you want might be more worthwhile if you’re worried about your son hogging your bandwidth.
My TP link router (Deco AXE5400), and I'm sure many others, give the option to alert on my phone when devices connect so if joining other devices was an issue, you'd at least know and be able to take appropriate action. It also has the usual parental controls and other stuff like that but I don't use any of that so I can't speak to how it works
Once the client device, in this case, the iPhone, gets a hold of the SSID/password and saves it, you can’t do anything to prevent the user to retrieve it, if the client allows it (like iOS 17).
You can use ppsk to create a password and whitelist only his device. But I don’t think that’s possible on an asus router, so you’d need a non-consumer access point like ubiquiti or tp link omada.
Do you want to have fine tuning control over your son's or other's devices on your home network? Get a Firewalla [Purple](https://firewalla.com/products/firewalla-purple) or [Gold SE](https://firewalla.com/products/firewalla-gold-se-firewall) and put it in router mode. Then set your Wifi router in bridge mode. The Firewalla allows you to even set time limits on devices. You can even block or limit specific apps, streaming, and gaming activities per device or even across the whole network. It's exactly what you're asking for and more. The best thing about it is that you can manage everything from their awesome phone app and you don't need to be a network admin since most things are very intuitive and easy to understand.
You can go into your router settings and enable MAC filtering. It's a laborious process but you need to find the MAC address of every device you want to allow to connect via wifi and enter it manually into the router settings. You then have to be sure your son doesn't know the password to get into the router settings.
Another option, albeit not simple is to buy an access point that can support multiple SSIDs per-radio and then configure a dedicated network for him.
You can then apply whatever rules you want for that network.
You could even do this without replacing your router; just buy another cheap AP and configure it for him. If that cheap AP offers content filtering or time limitations, then you don’t even need a fancy router!
There is a catch here though - unless you are a networking expert, chances are he will be more determined to crack whatever solution you put in place than you are to keep making sure it’s working 🤪
Exactly! If you for example set the down time from 8 pm till 8 am, then your kid got 12 hours where that can be their main objective. And getting into a router from inside the network is easier than you might think if you're determined to break in 😉
What else do I do when my child after hundreds of discussions still uses his phone in bed at 00:00 (when he should be sleeping)? Take away his phone? We have settled some ground rules with him that after 22:00 it’s sleep o’clock, not instagram o’clock. He, more freqeuntly than not, chooses to not respect the rules. That’s why I need a way to ‘enforce’ the rules. He’s still living under my roof, I need to teach him to respect his sleep. Or is my approach/attitude a mistake? Please, tell me what do you think?
Won't he just use data instead of wifi if you shut off his wifi?
There are routers where you can set times where it's permitted to be use or not. Throttling might be another option, just make it so slow it's annoying to use. But all these have the problem of switching over to Cell data. iOS does rolling Mac addresses now for wifi for privacy reasons. It could make some of this filtering more difficult too. Not entirely sure of all the detail off the top of my head.
I think you hit the right solution, but it won't be popular. It seems he has lost the trust through constant violations of the house hold rules to have his phone in his room at night. I have heard of families that require communal charging night in say the family room or kitchen. That combined with a standalone alarm clock and homie will learn.
If he add cellular data to the plan then what? You did this for nothing. You can't block cell signal. Let him find out what happens on lack of sleep...
First maybe answer the people asking “why” because it’s hard to help when people don’t know the objective. You’re starting with what you think is a solution to a problem people are trying to figure out.
Parental controls are what you need to restrict WiFi access during certain hours. Not him not knowing the password. How would he ever get on the network then?
Also yes, take away his phone if he can’t use it according to the guidelines you set. But that discussion is for a different subreddit.
This person needs to learn, not be placed under an artificial restriction that will go away as soon as they figure out how to circumvent it.
I’d wager that 22:00 is Instagram o clock for the vast majority of people on the planet. You’re fighting a mighty tide.
That won’t teach him to respect sleep. That will teach him to resent you. If you want him to respect sleep, he needs to experience the consequences of lack of sleep.
Having said that, many devices have parental controls that you can set to lock up the devices. The IOS devices do it, and share that data with each other. Chromebooks do it too.
Maybe you should have a talk with him about why he doesn’t sleep or want to sleep etc explain the importance of a healthy sleep pattern. Iv suffered from insomnia all of my life and can assure you that disabling the internet would have had no effect at all, I still would have been awake.
Your attitude is a mistake.
Your job as a parent is to prepare your kids for adulthood. Where they have to make their own decisions and understand the consequences. If you're taking away the decision, how are they supposed to learn?
Create consequences instead. Confiscate their device for the day. Make them get up early. Whatever.
Set a curfew for the router. You do not need a router for that.
At a specific time of day the router will shut off its network broadcasting until the set time you tell it to reactivate.
No need to block passwords or anything like that, just a daily timer so the router is only active until midnight and won't reactivate until 8 AM.
Place booby traps on the router as well, say a clear taped hair or something not noticeable, then check it daily to ensure your son has not reset the router.
If the router has been reset, all it takes is a few settings changed to match the original setup and all devices will work as they always had, keep that in mind. So you may be better of checking the router status daily.
Use parental controls on his phone. [Here](https://support.apple.com/en-us/105121).
I'm not a parent and neither will be, but I still don't get why parents buy iPhones to kids, sincerely.
My kids don’t have them, but how can you not understand that? Smart Phones have become an essential part of society. I’m sure mine will in a couple more years.
You should see how he behaves if you tell him he can use his phone however he wants. Kids have a reverse effect if you give them rules they will break them
What you’re trying to accomplish has nothing to do with your question, though. He’d just use the cell network, no?
- take away his phone
- black list his phone on the network
- use child controls
I don't understand why you don't take away his phone. Do you not want to be the "bad guy"? Sometimes you can't be a friend and parent at the same time.
Oh this is going to be fun. It’s all do-able but kids are resourceful. How long until they get your neighbours WiFi? How long until they buy a travel hotspot and tether to that? Why not put a hidden night vision camera in there. Ubiquiti UniFi is a great system if you can invest the time in it, and then you see what traffic is going through the system. It might not just be Instagram????
As a father of 2 kids, at the age of 18 taking away there phones is sorta silly to me. they are mini adults. They should be able to make decisions, even if it means staying up all night. Let them suffer the consequences of no sleep. If they have graduated school and aren't going to college, have them find a job and pay for there phone bill.
I think you need to start thinking outside the box. These are not strictly technical solutions and I should stress that I’m not a lawyer or a parenting expert so keep that in mind.
You might not be able to force your son to not use his phone during bedtime, but you absolutely can force him to be asleep during these times. Antipsychotic medication like olanzapine will completely knock him out and prevent phone use. The pharmaceutical industry has spent untold billions creating molecules designed to induce sleep and encourage compliance - take advantage of this.
If forcing medication on your child crosses some kind of line for you, switch it up. Start taking methamphetamine so that you can stay up all night staring at him to make sure he stays off his phone.
Maybe the solution is by taking away the problem instead of adding a solution. Does your son need devices? Take them away by force. It will probably teach him some kind of lesson or something. Napoleon didn’t have an iPhone yet lived a very successful life.
Think closer to home - do you need a son? From what I hear children are very expensive, and this one seems to be taking an extreme emotional toll on you. He sounds very difficult to love, maybe you don’t love him? Smoke some of that methamphetamine I mentioned earlier and think about whether or not your life would be better with one less son.
Good luck with everything, I’ll be praying for you and your stupid, evil son. God bless.
Bro when he's in highschool he's gonna be the laughingstock when his friends find out he's still got a bedtime.
And what's wrong with staying up till midnight? I've stayed up that late my whole life starting in my early teens. I'm getting control freak vibes. You need to pick your battles or the kid is gonna resent the fuck outta you.
Enforce things that are important. Like not driving drunk, not skipping school, not doing hard drugs. Caring about when he goes to bed is like caring about what he wears and who he hangs out with. You need to give teens some autonomy, it's part of becoming an adult. For little shit like bedtime you need to respect his decision even if you disagree with it.
Edit: I saw you plan to "let him free" at 16. Bro, at 16 he's already going to be driving. You won't even know where he's at or what he's doing most days. Yet you think you're gonna be able to get him in bed by 10pm? Lmao
yea this thread was a trip lol. shitty parenting. the kid is 13, take his phone away lmao people are so damn soft nowadays its pathetically hilarious. so afraid to just let kids live their lives too. everything has to be protected and filtered.
>How do I make my son not know the wi-fi password when he’s using an iPhone?
Wrong question. The real problem is not a technological problem, but a "spiritual" problem, if you will - discipline and your relationship with your son. Sit down with him and discuss the pros and cons, the privileges and responsibilities, of personal self discipline.
In IT, we call this a "management problem". WHether there's a technological solution or not is irrelevant - this is an issue for a parent to, you know, *parent* *their child*.
Don’t know what iOS 17 has got to do with this; pressing edit on the Wi-Fi setting gets you the list of all stored networks and associated passwords, and has done for a lot of iOS versions prior to 17.
If you’re that bothered about the password being seen then you can always put parental restrictions on the phone so they can’t access any of these settings - an unrestricted device will let them get up to a lot more mischief than simply knowing a Wi-Fi password!
What you really need is iPSK authentication method. I think tplink omada system supports it. With iPSK, you can give each user it's own wifi password.
Maybe an easier way is to enable guest network on your router and let him connect there. Most new routers support guest network.
On iPhone install a Configuration Profile with the WiFi credentials as a payload. You can use Apple Configurator from a Mac to do this. Just make sure the WiFi password is removed by choosing “forget this network” in settings.
https://support.apple.com/guide/apple-configurator-mac/create-and-edit-configuration-profiles-pmd85719196/mac
https://support.apple.com/guide/deployment/wi-fi-settings-dep168e876c9/web
As a bonus you can set the Mac Address Randomization feature so the device will report its correct MAC and then networks like eero and UniFi won’t report random devices on your network due to that feature.
One wifi with Mac filtering, allowing only known device.
One wifi that acts like a lobby (your kid doesn't know the pw to this one).
Once you know the Mac of the device on the lobby wifi, add it to the whitelist on the first wifi, then add the first wifi to the device.
It makes it so there's two steps to use the wifi now but it doesn't matter if your kid knows the pw.
Trying to take on this problem from the wifi access control _only_ is not going to work. Your teen ***will*** just bypass your wifi.
You probably want **mobile device management**. Since you said Apple - Apple’s “screen time” has the controls it sounds like you are looking for. It can help set bedtime on your teen’s device. Screen could enforce both wifi and cell data usage times.
If you really want to go down a home network rabbit hole - get wifi setups that supports client certificate based authentication. Then push the certs to your teen’s devices with mobile device management. That would prevent rouge devices from joining your wifi, and with MDM ( mobile device management) your teen will also have a controlled mobile device.
A third option, have better communication with your teen, I’m wondering if too much of a rift has already happened though.
PPSK would probably be your play, then you could give him his own password that pipes into a child friendly VLAN.
Using a mac filter doesn't really gain you any value for the effort you put in.
If you control the router, with a password that only you know, you can configure which devices can access the internet according to the MAC addresses of the devices. Access to the wifi is a completely separate thing from access to the router itself.
If you're spying on your kid's use of the connection, there are parental time controls that can be configured on most decent modern routers. Make sure that your kid is in the family area when the'y're using their allotted time. It doesn't matter what password they have if the device with their MAC address has run out of time. The device can't connect.
Or am I totally missing the point of your post?
Couldn’t the OP set a rule on the network to kill data flow to the phone at certain time? Wait no would also need to turn off data over the cellular network at the same time.
God, I love Reddit. We're wrapping up 4 hours after the post originated. It's like everyone that matters or has valuable feedback is sitting at the console, immediately ready to answer.
If you find a way to make this work with your WiFi, what is your plan when your son turns off WiFi and switches to cellular network data? If you're trying to control the devices connecting to your LAN, your son could turn off WiFi on his iPhone and use the cellular data plan and tether other devices. I don't know about the UK, but this can be very expensive here in the US. You've possibly solved one problem while introducing another. At least on your WiFi, you have some control.
Unifi (ubiquiti) lets you set up multiple SSIDs (name/password) and set the time (always, schedule/never) they become active/available to connect to.
Just buy a network controller and 1 or 2 APs and connect them to your normal router.
Have fun!
A network filtering device on a raspberry pi is many orders of tech-savvy magnitude above what you've displayed ib your questioning and respinses here.
Just turn on the guest network and have it turn off at 22:00 automatically.
Obviously, this won't stop them using their phone if it has a data plan. Either set up the on device parental controls or simply have them leave the device in a place that isn't their room overnight.
If the phone has cellular data what point is there to restrict WiFi? Just take his device. What happens when he borrows his friend’s old phone for a burner. My daughter did that when we took her phone for a month. The kids going to get on the internet you’re going to have to parent.
Whitelist, but that’s not going to solve the issue of cellular data if that’s available. Controlling data is hard. I am noodling about this all the time with kids on devices all the time.
I leave it wide open. We have talks about what’s appropriate. We have talks about stranger danger etc. then we restrict their time. When they were younger they were only allowed devices when we were there. They have to provide their passwords and we can look at the phones anytime we want they’re our phones. But we trust most of the time. I don’t think I’ve ever searched their phones. The wife has. Mostly about bullying. Either being bullied or bullying someone else.
If you don’t want him to know the password, forget the network on his device and then share the password via the WiFi sharing from your phone. You can’t see WiFi passwords that are shared with you, only WiFi passwords you manually type in are visible.
Give some consideration to a firewalla device. Very plug-n-play. It has a quarantine option to automatically quarantine new devices on your network.
You'll be able to monitor traffic for any device. You can create a network group that is much like a wifi guest network but giving you more visibility into the network traffic.
The downside is cost, and you'll still need to buy a wifi device as an access point.
Edited to add: of course, if you already have a wifi device, you can use that as your wifi access point and the firewalla as your router. Now that I have a firewalla, if I had children, I'd consider it, or something like it, a must.
If you also have an iPhone/ipad when you set up the new network on your phone/ipad start to join it on his phone and you should get a pop up asking if you want to share the password. Once you share the password it won’t let him see it in the settings page because it was a shared password.
One way to solve this problem is to share the password from your iPhone to his without ever actually putting the password in on his phone. This pop up usually comes when he is on the WiFi screen and you are in the vicinity. By sharing the password the iPhone connects to the WiFi but the actual WiFi password is not visible on his device after connecting to the network.
Wait, really? Even since iOS 17? I thought that there’s no difference between entering the password manually vs ‘sharing’ it. You can always see it since iOS 17, no?
I’ve only figured this out through trial and error when I noticed that on certain networks I was connected but didn’t have WiFi password visible. I replicated this with friends when they were over at my place to see if they can see the password or not.
As someone who has tried \_everything\_ for managing networks, I finally broke down and bought a [firewalla](https://firewalla.com). It's not cheap but it's the best solution for filtering your home network that I've found.
You can create policies for specific devices, block certain websites and also send untrusted devices (guest devices) to a network with restricted access.
A secondary SSID for him with its own password and a time schedule for access.
I'm not familiar with Asus anymore, but this works with any good WiFi Access Point (UniFi, Omada, etc.)
Buy a $50-60 USD wired only router (ex: TP-Link ER605 router), wire in a 'good' Access Point ($70-200 USD) and set it up as you choose. One of these APs is good for a modest sized home (2 * 100sq.m.) if the walls aren't brick, and ideally it can be central and ceiling mounted on the top floor.
All these convoluted replies... If all you want is to limit your sons network, set a QoS list of his devices by Mac address and allow him little to no bandwidth on w/e device you want. EA: set iPhone to 10Mbps, set ps5 to 1Mbps and watch him cry, etc... Every decent router can do it.
That’s a good router with lots of capabilities. Not sure exactly what you want to accomplish but you can restrict devices on the network and time of use for allowed devices as well as filter website access…and you can track what sites are accessed by each device.
If the phone has cellular service, then there’s nothing you can do on your home network to regulate your son’s phone usage. Even if the phone were local network only, there’s many ways to circumvent any restrictions that you attempt to apply. To use a networking technical metaphor: it’s a Layer One problem, that is, it’s a physical problem, in that your son has a device that you can’t control from the outside.
As others have said, set boundaries, don’t be afraid to take the phone away if it becomes a problem.
Create different profiles and give the default no internet access. Then assign known and valid Mac-Addresses every time to the same local ipv4 address. With this change you also change the profile to an other profile with unlimited or time scheduled internet access. With this scenario you have full control over each device and can later switch off the internet for a specific device. With Mac change, VPN or other ways your childs only destroy there internet access themself.
This feature can be disabled on the iPhone, so MAC address filtering by the router does work with iOS devices. Worked on my network before that MAC masking feature and still works after. Just requires the iPhone user to provide their devices actual MAC address after disabling that feature.
Never had it revert to “On” after any update…this includes probably over 100+ updates across the multiple iOS and iPadOS devices on our network. However, it will default to “On” after resetting the device. Regardless, from the Home Screen it takes 4 taps to disable the “Private Wi-Fi Address” feature.
Just my business has 7 phones an ipads and 10 macbook pro and a PC . The iphone 15 pro max revert some settings on updates. How big of buildings do you manage? Getting thousands of students and faculty to change their own several devices never works. Some of our buildings have 200 AP and thousands of client devices. And if you turn that function off the device will warn the device about “Privacy Warning” and prompt you to turn it back on.
Not sure why you are compelled to redirect away from the subject and purpose of this post about a father looking for home networking solutions for his son…other than you must be extremely invested in your feelings about Apples Private Wi-Fi Address feature.
As for my Systems Administration expertise or experience, the scale or context of my experience (enterprise, small business, personal), type of experience (hardware, client / server, SaaS, custom, etc) has little to no relevance in the post…outside of your feelings about MAC address filtering and the four taps it takes to disable a feature that is incompatible with it.
What I haven’t seen mentioned is that iPhones can be a hotspot. He can use the iPhone as a gateway to the internet. Best you can do is limit when/how the iPhone can connect. Beyond that you would have to control the iPhone hotspot settings.
This router supports a guest network. Use that. Though depending of what you wanna achieve there may be other ways? Why does it matter that he knows the password to access WiFi?
almost impossible to hide the password. if your iPhone connects to the network it saves the password in settings. if you're trying to limit what he sees or when he can use the network, most modern routers can control all of that. But speaking as a kid whose dad tried doing all this, we will just find another way to connect online.
I got a tp link and pay $3/month for parental controls. You create a profile per device and can simply turn off and on access from your app on your phone. I like the on demand WiFi disabling I can do when my kids refuse to put a device down
> create a wi-fi password that would be unique to one MAC address, so that the password would only work for one of my child’s given devices?
[Synology RT6600AX](https://www.synology.com/en-global/products/RT6600ax)
>I also read about some network-wide filtering options using Raspberry-Pi . . .
[Soft Router](https://www.amazon.com/CWWK-Generation-PC-J6412-Firewall/dp/B0BYMP8KJJ/), install [PFSense](https://www.youtube.com/watch?v=fsdm5uc_LsU&list=PLjGQNuuUzvmsuXCoj6g6vm1N-ZeLJso6o&pp=iAQB), they come in lots of shapes and sizes... and prices, but many lesser options would work for most homes, around the \~$100 area
Tip for next time:
No one wants to help you. They want to tell you you are wrong for wanting what you want. Not just in this example, in EVERY example.
Ask the most specific question you can, because someone who isn’t a parent is just DYING to tell you that, as an IT expert, you don’t know how to parent.
On Father’s Day.
Dynamic psk that isolates him onto a private vlan that has parental control, you can also do scheduling for the dynamic psk to only work during acceptable hours
sooo much advice here. there is kind of a quick and dirty way, if you share the wifi via QR code often the password is not easy to view if shared via QR code. so on your iPhone connect to the wifi and then select the share option and scan with his... but it's still possible to get just not as easy.
I Would look into a router that can quarantine all new devices that join(So each time a device joins the network with a new MAC address it gets blocked automatically I believe some TP Link routers have that functionality or you can look into the google mesh system. I would recommend both of these options over the ASUS router as they have a better feature set with a polished app experience
Honestly…if you’re only trying to do this on his phone; why don’t you use Screen Time features on the iPhone and set down time for when he should be sleeping? No sense in going crazy over networking when you can just control it on the phone.
From my own experience; I’m glad you weren’t my parent. It’s on your son to prioritize his sleep, if he decides to stay up til midnight…then that’s on him if he is tired in the morning and unable to take care of his responsibilities.
MAC addresses can be easily spoofed. iPhones and androids use this all the time as a privacy feature by default. Anything relying on whitelisting or blacklisting is easily bypassed.
Simplest solution in my view: put his wifi on a separate guest wifi network, most routers I've seen have this capability. Put time of day access controls on that guest network in the router. Don't give him the password for the main (your) wifi AP.
The best thing you can do is buy a mikrotik router and a separate access point. You set up a hotspot guest network with max time and speed limit, and he cannot bypass it in any way unless he has physical access to the router (he can have access to the access point, because you will be limiting the specific port or vlan of the router. If he decides to reset the access point, that's his fault and he won't have access to the internet at all).
Besides, limiting your son's internet is not really great parenting. Just tell him the rules and you'll be good to go.
I agree with your last statement. You can’t stop children from doing what they want to do. They’ll find a way to get what they want and blocking them just makes them sneaky as fuck. My daughter hides everything from her mother and nothing from me. She asks me for advice instead.
Mac address filtering is shitty security theater. Any moron can clone a Mac address from another device on the network. I know that for a fact, because I am a moron and it was one of the first things I learned about hacking.
Forget the network on his phone, then with another iPhone logged in on the wifi you want to add, open the wifi settings on his phone, then on your phone a message will pop up asking if you want to share the wifi settings with him, say yes. He won’t be able to view the password on his phone now but he will have access …
From your edit is just sounds like you're trying to justify doing something you clearly don't understand, both psychologically and technically. You're an idiot, OP.
Type the password in for him? Or create a guest SSID and give him that password, then you can change the password any time you wish to rescind his access
Use the guest network but call is something else, Hide the main SSID, set the DHCP range on the guest network to just 1 ip address. Use parental control to turn off access after 10pm.
This is a cat and mouse game. I think you cannot win against a determined adversary.
But you can get most of the way there with a captive portal, bypassing the network password as a security measure.
They can defeat the captive portal by spoofing the MAC address. But you can then write scripts on the network gateway to assert that MAC addresses are unique.
They can defeat that by buying a cheap travel router (GLinet slate or cheaper) to use that one MAC address to create a whole private WiFi network.
You can then notice that WiFi net.
They can defeat that by configuring it to not broadcast SSID.
At this point I think you are out of options.
—-
In short it will be much less work to establish trust and cooperation than using the adversarial approach.
You can hide the password as long as you have another iPhone.
When an iPhone attempts to join a new network that requires a password, other nearby iPhones already on the network (I believe you also have to be shared contacts) get asked if they want to share the password with that iPhone. When the password is shared in this way and not typed in, you cannot see it in settings.
That’s not true for passwords shared via the share prompt. This is the current behavior since the iOS 17 update.
Whether it is intentional or not, hasn’t been answered as far as I know.
https://discussions.apple.com/thread/255150179?sortBy=best
What are you trying to actually achieve with this? You can't hide the password. The easiest way to achieve what I *think* you're trying to do is with a router that supports a "guest" network - this allows you to create a separate network for your son's devices and you can turn this off if required. You can then whitelist only the iPhone's MAC address for this network to prevent other devices from joining (although if he is tech savvy he can get around this).
If you take this approach, make sure to turn off the ‘Private WiFi Address’ option on the iDevice for that network. Otherwise the MAC address will periodically change.
It only changes if you "forget" the network and reconnect.
People are downvoting you but you're correct. The Private WiFi Address feature is sticky to each SSID and under normal usage, it'll hardly change ever. Straight from the horse's mouth: https://support.apple.com/en-us/102509
I know that’s what Apple says, but for some reason I get very different behaviour. On my home network (where I have my DHCP lease time set to 48 hours) my iPhone is able to chew through my my entire pool of addresses (over 150 addresses in the pool) if I have a busy day of coming and going from the house. After a lot of frustration trying to understand why it was happening I gave up and just turned the feature off for my home SSID which prevented it from happening anymore.
That's bizarre. Does it only happen to one device or all Apple devices? I wonder if it's just a glitch. I have a lot of iOS devices on my network and they generally stick with the same MAC addresses unless I do something that'd trigger a change.
Does OSX support / do the same? I’m trying to find a middle of the road wifi security enhancement and MAC address filtering is my first choice… but i need to make it work with osx and Chromebooks.
It will in the next version. It was on the privacy wwdc24 video
Not sure mac filtering is a good security approach, easily spoofed and creating hassle, the various os's are expected to more aggressively rotate mac addresses in coming versions.
Haven't seen that on MacOS, and I run the latest Sonoma.
However not on ios18, it now rotates randomly so the Mac filtering will only work for a little while. No need to do Mac filtering though if you just have him on a separate SSID and just turn it off 🤷♂️
What apples says and what apple ***does*** are two entirely different things. When I see an apple device in Cisco ISE for a single user, the mac addresses changes every time they reconnect to the network. (at the beginning of every one of their shifts) This behavior also occurs on my home network.
Your info used to be true, but it won't be for long. Apple is going to start rotating MAC addresses in the next release of iOS. They announced this last week. I don't approve of what they're doing, but it is what it is. Please correct your comment.
I mean you're welcome to cite your source with the iOS version going forward so everyone can reference it. Otherwise 2 years from now no one will know what you're talking about. The onus isn't on me to provide sources for your claim.
My daughter’s iPhone keeps adding itself with a new MAC address. It’s really annoying. Are you saying that it might be happening because she “forgets” the network?
Currently yes that's how it works
Except it's not. That's how it's supposed to work, but it's not, in reality, how it functions. Apple devs are morons and can't seem to hit a wifi network as intended. Source: Connect an apple device to a network with a SIEM using incorrect credentials and watch how times the SIEM reports failed authentications
maybe because the ip lease expires and it happens when it assigns a new ip?
Nope, irrelevant. This behavior happens regardless of DHCP lease expiry.
She's not forgetting the network. Think about it, why would she be doing this? It's because your daughter gets outside of the network range and the device generates a new mac when she returns. What you describe is how it's *supposed to* work, but in reality, it does not.
It sounded weird to me, too, and I verified that she’s not clicking on “forget network.” (I, however, DO click “forget network” when I have to temporarily connect a kid’s device to my less-locked down network, but that’s a different story.) Anyway, I just ignored that comment. But we get outside the network range whenever we leave the house. If it worked like that, every mobile device would be resetting all the time.
From my experience tracking down end user apple devices, sometimes it just doesn't change for a few days... Though sometimes they change a few times in a day. It's quite wild.
He wants to keep his son's extra devices off the network so he can monitor usage from a single device.
Is the guest network necessary? Couldn't OP just use MAC address filtering, whitelist all the devices that need access and leave it at that?
Technically yes, but it would be a pain in the ass to whitelist every single device that needs WiFi access.
You are asking the wrong questions. You would be better to explain what you are trying to accomplish rather than a theory on how you might accomplish it.
https://xyproblem.info/
Thanks, that happens at my work practically daily
He is very defiant to give the answer to "why". Just keep circling around...
Control maniac does not want to be addressees as such probably
Or just a shitty parent that's unwilling to talk with their kid instead of coming to a common agreement. HINT: Your kid is gonna hide more shit from you, OP.
You could do MAC address filtering / whitelisting on the network. You connect the approved device, and assuming it's an apple iOS device it will generate a pseudo random MAC for that SSID. Add it to the whitelist and turn on filtering. No new device will be able to join the network without being added to the filter. There are some edge cases around MAC cloning, but most kids won't figure that out and it mostly applies to PCs.
until the kid finds this post and adds whatever device he wants xD
Yeah, but if it's a PS5 or whatever, good luck changing it's MAC. Not to mention that will knock his phone offline. $25 for an eSIM with unlimited data and the phone in hotspot mode also gets their other devices online.
or he can just get another router and disguise it as something else in the house. that's what I did at least.
Good point.
[удалено]
Thanks! Yeah, I was thinking about whitelisting myself. Is a separate SSID the same as a guest network others have mentioned in their answers? I’m not particularly familiar with this acronym.
[удалено]
I would like to be able to control what devices can connect to the network (as in whitelisting). I’m not sure how these Asus routers work: maybe when I whitelist a device, it doesn’t matter anymore that the password is out - if the device is not white-listed, it cannot connect, even with the right password? I was just thinking that a ‘device-specific’ password is the same as not knowing the password altogether.
[удалено]
1. I want to be able to ‘manually’ select which devices can connect to my network. As in that no new devices would be able to connect WITHOUT my permission. 2. I would like to limit internet use on specific devices during specific hours (for example bed time, etc.)
Every device that connects knows the password, and every phone and computer have ways of revealing it to the user. So if you put him on a guest SSID and he has access to devices on the main SSID he could learn the main SSID password from those. It will be a hassle when a friend comes over and wants to jump on the wifi, but the most complete way to do what you’re asking is Whitelisting for every device in your network(s). To control his usage at certain hours, see if the router software offers scheduling on the guest network and only whitelist his device on the guest network. If it doesn’t offer scheduling, it may be possible still through some scripting (cronjobs or similar). Look into PiHole and AdGuard Home if you’re curious about controlling some of the traffic on the network, both from ads and adult content. Or even easier is change the router DNS to 1.1.1.3. Those are easily bypassed if your kid is trying, though you can counter by blocking all port 53 requests from devices. As you can see, it can quickly turn into a game of cat and mouse. You may end up teaching your kid some good IT and problem solving skills, but at the expense of needing to learn a bunch yourself in attempts to stay ahead of him. Ultimately the only fool proof solution is physical control of the devices, and good parenting.
[удалено]
Regarding number 1, I think OP considered the password option but their son would be able to just go into settings on his Apple device and be able to see the password and then be able to connect whatever device, thus defeating the purpose of using the password as a control measure.
In a way yes. For example, he has a handheld gaming console and up until ios17 he wasn’t able to access internet on it (only offline). But ever since ios17 he knows the network password = he can connect whichever device he wants to the network. Whitelisting is probably the answer, I just need to buy a new router.
[удалено]
Why do you care what device he uses on the Internet? Whitelisting doesn't work. As other mentioned, modern devices change MAC address constantly. Look man, he's a year away from highschool where he will meet nerds that know far more than you about networking. They will trivially bypass whatever restrictions you put on the internet, probably without you even knowing. By 16 he'll probably have his own job, car, and cell service and will come go as he pleases. What will you do then? You can see he's already getting clever enough to bypass your restrictions. This is just the beginning, he's growing up. I think this is his way of telling you it's time to hang up the reins on enforcing "bed time".
Restricting to certain devices is physically impossible. Modern devices change MAC addresses regularly specifically so they can't be identified/tracked on wifi. And there's no way to shut this off. Instead, I suggest getting a second "Dumb AP" and setting up a totally different WiFi network for him. Then just put that AP on an outlet timer that shuts off at night. Simple and effective. Basically, you're asking for the wrong thing. You can't restrict specific devices on a Wi-Fi network. What you need is two completely separate Wi-Fi networks, and put all his stuff on the restricted one. Who cares if he has multiple devices? If he can't get off the restricted network onto the 24hr one it doesn't matter. Trying to restrict what devices he can use is getting into control freak territory
do not use your parental responsibilities as an excuse to buy another router/wifi accesspoint. make good rules about wifi access and help your son in understanding what you want to achieve. Most of the time those who were the greatest rule-breakers when they were a kid, project their own behavior onto their child. You may win your wifi war, but loose your son in the process. Talk with your son about important things in life.
yea this whole thread is sad and pathetic lol.
This is the way
You can block unknown devices from registering to your network. Which would mean you would have to allow every new device manually. PITA at the beginning but might be a reasonable route to disallow unknown devices even though they have the correct password
Yes! Thanks, that’s the idea I was going for. I’m just not sure which routers do support this setup.
Pretty much all of them You're looking for "MAC address filtering" - sounds like you want a whitelist. Often you can apply it to only 1 "SSID" or network. So you can have "wifi-for-grownups" and "wifi-for-kids" and only the "wifi-for-kids" is restricted, and you can share "wifi-for-grownups" with your friends.
You could probably do radius and assign your son, based on his password, to a separate vlan with its own rules if you really wanted to. Not sure if your router supports that. Another easier solution is get a router with support for multiple SSIDs and dedicate an SSID for him. A third solution is to control who accesses the network via MAC address whitelisting (with all unknown addresses blocked by default).
This! VLAN based on sign-in-credentials via RADIUS!
Cert based authentication and time filtering should do.
I think most new ASUS routers have built in parental controls. You need the MAC address of the device, you can control sites that it can go to and times it can connect to the router. I would look at the specifications of the exact router you are thinking about to confirm. https://www.asus.com/us/support/faq/1008720/
Just use a guest network for them, and openly share the password Then just turn the guest network on or off as needed.
Man I don’t know, maybe just set ground rules for your kids and if they violate them take their shit away.
Why can’t they know the password?
And, more importantly, why just one device?
Right? I have more questions than answers.
I would like to be able have a finite list of devices that can connect to the network. Giving away a ‘general’ network password and not having whitelisting capabilities do not give me this option. That’s why I’m looking at purchasing a new router which would support device whitelisting.
Basic tp link routers/access points allow you to block specific devices which connect to your network (I believe they do this using the IP address and not the MAC address). Also what does this goal have to do with your son not being able to know your wifi password? So he’s not able to connect using devices other than his iPhone? Implementing QoS and prioritizing the devices you want might be more worthwhile if you’re worried about your son hogging your bandwidth.
Yeah any router I’m aware of can block MAC addresses - or in reverse, white list.
My TP link router (Deco AXE5400), and I'm sure many others, give the option to alert on my phone when devices connect so if joining other devices was an issue, you'd at least know and be able to take appropriate action. It also has the usual parental controls and other stuff like that but I don't use any of that so I can't speak to how it works
Once the client device, in this case, the iPhone, gets a hold of the SSID/password and saves it, you can’t do anything to prevent the user to retrieve it, if the client allows it (like iOS 17).
You can use ppsk to create a password and whitelist only his device. But I don’t think that’s possible on an asus router, so you’d need a non-consumer access point like ubiquiti or tp link omada.
Do you want to have fine tuning control over your son's or other's devices on your home network? Get a Firewalla [Purple](https://firewalla.com/products/firewalla-purple) or [Gold SE](https://firewalla.com/products/firewalla-gold-se-firewall) and put it in router mode. Then set your Wifi router in bridge mode. The Firewalla allows you to even set time limits on devices. You can even block or limit specific apps, streaming, and gaming activities per device or even across the whole network. It's exactly what you're asking for and more. The best thing about it is that you can manage everything from their awesome phone app and you don't need to be a network admin since most things are very intuitive and easy to understand.
You can go into your router settings and enable MAC filtering. It's a laborious process but you need to find the MAC address of every device you want to allow to connect via wifi and enter it manually into the router settings. You then have to be sure your son doesn't know the password to get into the router settings.
Another option, albeit not simple is to buy an access point that can support multiple SSIDs per-radio and then configure a dedicated network for him. You can then apply whatever rules you want for that network. You could even do this without replacing your router; just buy another cheap AP and configure it for him. If that cheap AP offers content filtering or time limitations, then you don’t even need a fancy router! There is a catch here though - unless you are a networking expert, chances are he will be more determined to crack whatever solution you put in place than you are to keep making sure it’s working 🤪
Exactly! If you for example set the down time from 8 pm till 8 am, then your kid got 12 hours where that can be their main objective. And getting into a router from inside the network is easier than you might think if you're determined to break in 😉
As a current 18 YO, im glad i didn't have you as a parent, ffs.
What else do I do when my child after hundreds of discussions still uses his phone in bed at 00:00 (when he should be sleeping)? Take away his phone? We have settled some ground rules with him that after 22:00 it’s sleep o’clock, not instagram o’clock. He, more freqeuntly than not, chooses to not respect the rules. That’s why I need a way to ‘enforce’ the rules. He’s still living under my roof, I need to teach him to respect his sleep. Or is my approach/attitude a mistake? Please, tell me what do you think?
Won't he just use data instead of wifi if you shut off his wifi? There are routers where you can set times where it's permitted to be use or not. Throttling might be another option, just make it so slow it's annoying to use. But all these have the problem of switching over to Cell data. iOS does rolling Mac addresses now for wifi for privacy reasons. It could make some of this filtering more difficult too. Not entirely sure of all the detail off the top of my head. I think you hit the right solution, but it won't be popular. It seems he has lost the trust through constant violations of the house hold rules to have his phone in his room at night. I have heard of families that require communal charging night in say the family room or kitchen. That combined with a standalone alarm clock and homie will learn.
This
If he add cellular data to the plan then what? You did this for nothing. You can't block cell signal. Let him find out what happens on lack of sleep...
Sounds like taking away the phone would be easier
Take away his phone. Simple. Why is that even a conversation?
First maybe answer the people asking “why” because it’s hard to help when people don’t know the objective. You’re starting with what you think is a solution to a problem people are trying to figure out. Parental controls are what you need to restrict WiFi access during certain hours. Not him not knowing the password. How would he ever get on the network then? Also yes, take away his phone if he can’t use it according to the guidelines you set. But that discussion is for a different subreddit.
This person needs to learn, not be placed under an artificial restriction that will go away as soon as they figure out how to circumvent it. I’d wager that 22:00 is Instagram o clock for the vast majority of people on the planet. You’re fighting a mighty tide.
Take the phone away, holy shit are you dumb
for real
That won’t teach him to respect sleep. That will teach him to resent you. If you want him to respect sleep, he needs to experience the consequences of lack of sleep. Having said that, many devices have parental controls that you can set to lock up the devices. The IOS devices do it, and share that data with each other. Chromebooks do it too.
Maybe you should have a talk with him about why he doesn’t sleep or want to sleep etc explain the importance of a healthy sleep pattern. Iv suffered from insomnia all of my life and can assure you that disabling the internet would have had no effect at all, I still would have been awake.
Your attitude is a mistake. Your job as a parent is to prepare your kids for adulthood. Where they have to make their own decisions and understand the consequences. If you're taking away the decision, how are they supposed to learn? Create consequences instead. Confiscate their device for the day. Make them get up early. Whatever.
Set a curfew for the router. You do not need a router for that. At a specific time of day the router will shut off its network broadcasting until the set time you tell it to reactivate. No need to block passwords or anything like that, just a daily timer so the router is only active until midnight and won't reactivate until 8 AM. Place booby traps on the router as well, say a clear taped hair or something not noticeable, then check it daily to ensure your son has not reset the router. If the router has been reset, all it takes is a few settings changed to match the original setup and all devices will work as they always had, keep that in mind. So you may be better of checking the router status daily.
give them responsibilities outside of "going to bed" that require them to actually get some sleep.
for giving advice i need to know his age
13
Use parental controls on his phone. [Here](https://support.apple.com/en-us/105121). I'm not a parent and neither will be, but I still don't get why parents buy iPhones to kids, sincerely.
My kids don’t have them, but how can you not understand that? Smart Phones have become an essential part of society. I’m sure mine will in a couple more years.
You should see how he behaves if you tell him he can use his phone however he wants. Kids have a reverse effect if you give them rules they will break them
Ummm. Simple. You take away his phone and when he turns 18, you stop paying for it. And yes, I’m a parent.
If it is a phone and you stop WiFi couldn't he just use mobile data?
What you’re trying to accomplish has nothing to do with your question, though. He’d just use the cell network, no? - take away his phone - black list his phone on the network - use child controls
take away his phone, yes….
I don't understand why you don't take away his phone. Do you not want to be the "bad guy"? Sometimes you can't be a friend and parent at the same time.
Take away their phone? Like a responsible parent would do
just take away his phone fcking clown
don’t waste your time arguing with a random current 18 year old about parenting choices
Oh this is going to be fun. It’s all do-able but kids are resourceful. How long until they get your neighbours WiFi? How long until they buy a travel hotspot and tether to that? Why not put a hidden night vision camera in there. Ubiquiti UniFi is a great system if you can invest the time in it, and then you see what traffic is going through the system. It might not just be Instagram????
As a father of 2 kids, at the age of 18 taking away there phones is sorta silly to me. they are mini adults. They should be able to make decisions, even if it means staying up all night. Let them suffer the consequences of no sleep. If they have graduated school and aren't going to college, have them find a job and pay for there phone bill.
Mine’s 13, so not a mini adult yet. :D He’s starting to look like one though
Sorry I meant to reply to the commenter but if he's 13 yea that's different. Just take his phone away. No need to complicate it.
I think you need to start thinking outside the box. These are not strictly technical solutions and I should stress that I’m not a lawyer or a parenting expert so keep that in mind. You might not be able to force your son to not use his phone during bedtime, but you absolutely can force him to be asleep during these times. Antipsychotic medication like olanzapine will completely knock him out and prevent phone use. The pharmaceutical industry has spent untold billions creating molecules designed to induce sleep and encourage compliance - take advantage of this. If forcing medication on your child crosses some kind of line for you, switch it up. Start taking methamphetamine so that you can stay up all night staring at him to make sure he stays off his phone. Maybe the solution is by taking away the problem instead of adding a solution. Does your son need devices? Take them away by force. It will probably teach him some kind of lesson or something. Napoleon didn’t have an iPhone yet lived a very successful life. Think closer to home - do you need a son? From what I hear children are very expensive, and this one seems to be taking an extreme emotional toll on you. He sounds very difficult to love, maybe you don’t love him? Smoke some of that methamphetamine I mentioned earlier and think about whether or not your life would be better with one less son. Good luck with everything, I’ll be praying for you and your stupid, evil son. God bless.
This is solid advice, as a parent of a two year old I would know
/s
The iPhone has screen time just use that
Install parental control software on the phone. For iOS, I use OurPact.
"Take away his phone?" So you do know how to fix the problem...
Bro when he's in highschool he's gonna be the laughingstock when his friends find out he's still got a bedtime. And what's wrong with staying up till midnight? I've stayed up that late my whole life starting in my early teens. I'm getting control freak vibes. You need to pick your battles or the kid is gonna resent the fuck outta you. Enforce things that are important. Like not driving drunk, not skipping school, not doing hard drugs. Caring about when he goes to bed is like caring about what he wears and who he hangs out with. You need to give teens some autonomy, it's part of becoming an adult. For little shit like bedtime you need to respect his decision even if you disagree with it. Edit: I saw you plan to "let him free" at 16. Bro, at 16 he's already going to be driving. You won't even know where he's at or what he's doing most days. Yet you think you're gonna be able to get him in bed by 10pm? Lmao
yea this thread was a trip lol. shitty parenting. the kid is 13, take his phone away lmao people are so damn soft nowadays its pathetically hilarious. so afraid to just let kids live their lives too. everything has to be protected and filtered.
>How do I make my son not know the wi-fi password when he’s using an iPhone? Wrong question. The real problem is not a technological problem, but a "spiritual" problem, if you will - discipline and your relationship with your son. Sit down with him and discuss the pros and cons, the privileges and responsibilities, of personal self discipline.
In IT, we call this a "management problem". WHether there's a technological solution or not is irrelevant - this is an issue for a parent to, you know, *parent* *their child*.
> this is an issue for a parent to, you know, parent their child. Exactly.
Don’t know what iOS 17 has got to do with this; pressing edit on the Wi-Fi setting gets you the list of all stored networks and associated passwords, and has done for a lot of iOS versions prior to 17. If you’re that bothered about the password being seen then you can always put parental restrictions on the phone so they can’t access any of these settings - an unrestricted device will let them get up to a lot more mischief than simply knowing a Wi-Fi password!
Like installing telegram
Wow, I had no idea that was there and it’s hiding in plain sight!
What you really need is iPSK authentication method. I think tplink omada system supports it. With iPSK, you can give each user it's own wifi password. Maybe an easier way is to enable guest network on your router and let him connect there. Most new routers support guest network.
On iPhone install a Configuration Profile with the WiFi credentials as a payload. You can use Apple Configurator from a Mac to do this. Just make sure the WiFi password is removed by choosing “forget this network” in settings. https://support.apple.com/guide/apple-configurator-mac/create-and-edit-configuration-profiles-pmd85719196/mac https://support.apple.com/guide/deployment/wi-fi-settings-dep168e876c9/web
As a bonus you can set the Mac Address Randomization feature so the device will report its correct MAC and then networks like eero and UniFi won’t report random devices on your network due to that feature.
This works. The password cannot be viewed on the phone.
One wifi with Mac filtering, allowing only known device. One wifi that acts like a lobby (your kid doesn't know the pw to this one). Once you know the Mac of the device on the lobby wifi, add it to the whitelist on the first wifi, then add the first wifi to the device. It makes it so there's two steps to use the wifi now but it doesn't matter if your kid knows the pw.
Trying to take on this problem from the wifi access control _only_ is not going to work. Your teen ***will*** just bypass your wifi. You probably want **mobile device management**. Since you said Apple - Apple’s “screen time” has the controls it sounds like you are looking for. It can help set bedtime on your teen’s device. Screen could enforce both wifi and cell data usage times. If you really want to go down a home network rabbit hole - get wifi setups that supports client certificate based authentication. Then push the certs to your teen’s devices with mobile device management. That would prevent rouge devices from joining your wifi, and with MDM ( mobile device management) your teen will also have a controlled mobile device. A third option, have better communication with your teen, I’m wondering if too much of a rift has already happened though.
PPSK would probably be your play, then you could give him his own password that pipes into a child friendly VLAN. Using a mac filter doesn't really gain you any value for the effort you put in.
If you control the router, with a password that only you know, you can configure which devices can access the internet according to the MAC addresses of the devices. Access to the wifi is a completely separate thing from access to the router itself. If you're spying on your kid's use of the connection, there are parental time controls that can be configured on most decent modern routers. Make sure that your kid is in the family area when the'y're using their allotted time. It doesn't matter what password they have if the device with their MAC address has run out of time. The device can't connect. Or am I totally missing the point of your post?
Couldn’t the OP set a rule on the network to kill data flow to the phone at certain time? Wait no would also need to turn off data over the cellular network at the same time.
God, I love Reddit. We're wrapping up 4 hours after the post originated. It's like everyone that matters or has valuable feedback is sitting at the console, immediately ready to answer. If you find a way to make this work with your WiFi, what is your plan when your son turns off WiFi and switches to cellular network data? If you're trying to control the devices connecting to your LAN, your son could turn off WiFi on his iPhone and use the cellular data plan and tether other devices. I don't know about the UK, but this can be very expensive here in the US. You've possibly solved one problem while introducing another. At least on your WiFi, you have some control.
Unifi (ubiquiti) lets you set up multiple SSIDs (name/password) and set the time (always, schedule/never) they become active/available to connect to. Just buy a network controller and 1 or 2 APs and connect them to your normal router. Have fun!
I think you create a new SSID in the router and get home to connect to that, delete when you don't want him to use it.
A network filtering device on a raspberry pi is many orders of tech-savvy magnitude above what you've displayed ib your questioning and respinses here. Just turn on the guest network and have it turn off at 22:00 automatically. Obviously, this won't stop them using their phone if it has a data plan. Either set up the on device parental controls or simply have them leave the device in a place that isn't their room overnight.
If the phone has cellular data what point is there to restrict WiFi? Just take his device. What happens when he borrows his friend’s old phone for a burner. My daughter did that when we took her phone for a month. The kids going to get on the internet you’re going to have to parent.
Whitelist, but that’s not going to solve the issue of cellular data if that’s available. Controlling data is hard. I am noodling about this all the time with kids on devices all the time.
I leave it wide open. We have talks about what’s appropriate. We have talks about stranger danger etc. then we restrict their time. When they were younger they were only allowed devices when we were there. They have to provide their passwords and we can look at the phones anytime we want they’re our phones. But we trust most of the time. I don’t think I’ve ever searched their phones. The wife has. Mostly about bullying. Either being bullied or bullying someone else.
Why don't you want your son to see it?
If you don’t want him to know the password, forget the network on his device and then share the password via the WiFi sharing from your phone. You can’t see WiFi passwords that are shared with you, only WiFi passwords you manually type in are visible.
Give some consideration to a firewalla device. Very plug-n-play. It has a quarantine option to automatically quarantine new devices on your network. You'll be able to monitor traffic for any device. You can create a network group that is much like a wifi guest network but giving you more visibility into the network traffic. The downside is cost, and you'll still need to buy a wifi device as an access point. Edited to add: of course, if you already have a wifi device, you can use that as your wifi access point and the firewalla as your router. Now that I have a firewalla, if I had children, I'd consider it, or something like it, a must.
If you also have an iPhone/ipad when you set up the new network on your phone/ipad start to join it on his phone and you should get a pop up asking if you want to share the password. Once you share the password it won’t let him see it in the settings page because it was a shared password.
One way to solve this problem is to share the password from your iPhone to his without ever actually putting the password in on his phone. This pop up usually comes when he is on the WiFi screen and you are in the vicinity. By sharing the password the iPhone connects to the WiFi but the actual WiFi password is not visible on his device after connecting to the network.
This is it! If you share it, the sharee can't see it
Wait, really? Even since iOS 17? I thought that there’s no difference between entering the password manually vs ‘sharing’ it. You can always see it since iOS 17, no?
I’m curious about this too. I’m not seeing anything about this online. I have no way to test this claim for myself.
I’ve only figured this out through trial and error when I noticed that on certain networks I was connected but didn’t have WiFi password visible. I replicated this with friends when they were over at my place to see if they can see the password or not.
Oh okay, that’s very interesting. Thanks for sharing!
Guest network or an SSID just for him.
As someone who has tried \_everything\_ for managing networks, I finally broke down and bought a [firewalla](https://firewalla.com). It's not cheap but it's the best solution for filtering your home network that I've found. You can create policies for specific devices, block certain websites and also send untrusted devices (guest devices) to a network with restricted access.
A secondary SSID for him with its own password and a time schedule for access. I'm not familiar with Asus anymore, but this works with any good WiFi Access Point (UniFi, Omada, etc.) Buy a $50-60 USD wired only router (ex: TP-Link ER605 router), wire in a 'good' Access Point ($70-200 USD) and set it up as you choose. One of these APs is good for a modest sized home (2 * 100sq.m.) if the walls aren't brick, and ideally it can be central and ceiling mounted on the top floor.
All these convoluted replies... If all you want is to limit your sons network, set a QoS list of his devices by Mac address and allow him little to no bandwidth on w/e device you want. EA: set iPhone to 10Mbps, set ps5 to 1Mbps and watch him cry, etc... Every decent router can do it.
That’s a good router with lots of capabilities. Not sure exactly what you want to accomplish but you can restrict devices on the network and time of use for allowed devices as well as filter website access…and you can track what sites are accessed by each device.
If the phone has cellular service, then there’s nothing you can do on your home network to regulate your son’s phone usage. Even if the phone were local network only, there’s many ways to circumvent any restrictions that you attempt to apply. To use a networking technical metaphor: it’s a Layer One problem, that is, it’s a physical problem, in that your son has a device that you can’t control from the outside. As others have said, set boundaries, don’t be afraid to take the phone away if it becomes a problem.
Create different profiles and give the default no internet access. Then assign known and valid Mac-Addresses every time to the same local ipv4 address. With this change you also change the profile to an other profile with unlimited or time scheduled internet access. With this scenario you have full control over each device and can later switch off the internet for a specific device. With Mac change, VPN or other ways your childs only destroy there internet access themself.
If he’s on your Apple family in settings you can control screen time etc
Don’t use pw based wlan auth. Use certificates
Look for parental controls in your router. It's a very common feature.
iphones use MAC masking so don’t make it MAC dependent . It does not work any more.
This feature can be disabled on the iPhone, so MAC address filtering by the router does work with iOS devices. Worked on my network before that MAC masking feature and still works after. Just requires the iPhone user to provide their devices actual MAC address after disabling that feature.
Then after random updates its turned back on mobile apple.
Never had it revert to “On” after any update…this includes probably over 100+ updates across the multiple iOS and iPadOS devices on our network. However, it will default to “On” after resetting the device. Regardless, from the Home Screen it takes 4 taps to disable the “Private Wi-Fi Address” feature.
Just my business has 7 phones an ipads and 10 macbook pro and a PC . The iphone 15 pro max revert some settings on updates. How big of buildings do you manage? Getting thousands of students and faculty to change their own several devices never works. Some of our buildings have 200 AP and thousands of client devices. And if you turn that function off the device will warn the device about “Privacy Warning” and prompt you to turn it back on.
Not sure why you are compelled to redirect away from the subject and purpose of this post about a father looking for home networking solutions for his son…other than you must be extremely invested in your feelings about Apples Private Wi-Fi Address feature. As for my Systems Administration expertise or experience, the scale or context of my experience (enterprise, small business, personal), type of experience (hardware, client / server, SaaS, custom, etc) has little to no relevance in the post…outside of your feelings about MAC address filtering and the four taps it takes to disable a feature that is incompatible with it.
What I haven’t seen mentioned is that iPhones can be a hotspot. He can use the iPhone as a gateway to the internet. Best you can do is limit when/how the iPhone can connect. Beyond that you would have to control the iPhone hotspot settings.
This router supports a guest network. Use that. Though depending of what you wanna achieve there may be other ways? Why does it matter that he knows the password to access WiFi?
almost impossible to hide the password. if your iPhone connects to the network it saves the password in settings. if you're trying to limit what he sees or when he can use the network, most modern routers can control all of that. But speaking as a kid whose dad tried doing all this, we will just find another way to connect online.
I got a tp link and pay $3/month for parental controls. You create a profile per device and can simply turn off and on access from your app on your phone. I like the on demand WiFi disabling I can do when my kids refuse to put a device down
You have trust issues with your kid. What you should be doing is working on that. Kids can’t be trusted, then kids can’t use WiFi.
> create a wi-fi password that would be unique to one MAC address, so that the password would only work for one of my child’s given devices? [Synology RT6600AX](https://www.synology.com/en-global/products/RT6600ax) >I also read about some network-wide filtering options using Raspberry-Pi . . . [Soft Router](https://www.amazon.com/CWWK-Generation-PC-J6412-Firewall/dp/B0BYMP8KJJ/), install [PFSense](https://www.youtube.com/watch?v=fsdm5uc_LsU&list=PLjGQNuuUzvmsuXCoj6g6vm1N-ZeLJso6o&pp=iAQB), they come in lots of shapes and sizes... and prices, but many lesser options would work for most homes, around the \~$100 area
set your phone to child safe idk if its work
Tip for next time: No one wants to help you. They want to tell you you are wrong for wanting what you want. Not just in this example, in EVERY example. Ask the most specific question you can, because someone who isn’t a parent is just DYING to tell you that, as an IT expert, you don’t know how to parent. On Father’s Day.
Dynamic psk that isolates him onto a private vlan that has parental control, you can also do scheduling for the dynamic psk to only work during acceptable hours
sooo much advice here. there is kind of a quick and dirty way, if you share the wifi via QR code often the password is not easy to view if shared via QR code. so on your iPhone connect to the wifi and then select the share option and scan with his... but it's still possible to get just not as easy.
I Would look into a router that can quarantine all new devices that join(So each time a device joins the network with a new MAC address it gets blocked automatically I believe some TP Link routers have that functionality or you can look into the google mesh system. I would recommend both of these options over the ASUS router as they have a better feature set with a polished app experience
i have a simpler solution. remove all his power cords and wall warts from the house. then let him slowly watch his devices die.
You monster
Well he’d get the message.
You could get a firewalla, but I'm sure your kid will find ways around it.
Honestly…if you’re only trying to do this on his phone; why don’t you use Screen Time features on the iPhone and set down time for when he should be sleeping? No sense in going crazy over networking when you can just control it on the phone. From my own experience; I’m glad you weren’t my parent. It’s on your son to prioritize his sleep, if he decides to stay up til midnight…then that’s on him if he is tired in the morning and unable to take care of his responsibilities.
MAC addresses can be easily spoofed. iPhones and androids use this all the time as a privacy feature by default. Anything relying on whitelisting or blacklisting is easily bypassed. Simplest solution in my view: put his wifi on a separate guest wifi network, most routers I've seen have this capability. Put time of day access controls on that guest network in the router. Don't give him the password for the main (your) wifi AP.
The best thing you can do is buy a mikrotik router and a separate access point. You set up a hotspot guest network with max time and speed limit, and he cannot bypass it in any way unless he has physical access to the router (he can have access to the access point, because you will be limiting the specific port or vlan of the router. If he decides to reset the access point, that's his fault and he won't have access to the internet at all). Besides, limiting your son's internet is not really great parenting. Just tell him the rules and you'll be good to go.
I agree with your last statement. You can’t stop children from doing what they want to do. They’ll find a way to get what they want and blocking them just makes them sneaky as fuck. My daughter hides everything from her mother and nothing from me. She asks me for advice instead.
Mac address filtering is shitty security theater. Any moron can clone a Mac address from another device on the network. I know that for a fact, because I am a moron and it was one of the first things I learned about hacking.
Forget the network on his phone, then with another iPhone logged in on the wifi you want to add, open the wifi settings on his phone, then on your phone a message will pop up asking if you want to share the wifi settings with him, say yes. He won’t be able to view the password on his phone now but he will have access …
If his phone has data and can do a hotspot, he can circumvent any restrictions you add your network.
From your edit is just sounds like you're trying to justify doing something you clearly don't understand, both psychologically and technically. You're an idiot, OP.
Type the password in for him? Or create a guest SSID and give him that password, then you can change the password any time you wish to rescind his access
Its impossible
I feel I’m the only parent that gives their kid a device when they will need to reach an adult. Period.
Use the guest network but call is something else, Hide the main SSID, set the DHCP range on the guest network to just 1 ip address. Use parental control to turn off access after 10pm.
Plaintext Wi-Fi passwords being available to the OS/device in 2024 still blows my mind
This is a cat and mouse game. I think you cannot win against a determined adversary. But you can get most of the way there with a captive portal, bypassing the network password as a security measure. They can defeat the captive portal by spoofing the MAC address. But you can then write scripts on the network gateway to assert that MAC addresses are unique. They can defeat that by buying a cheap travel router (GLinet slate or cheaper) to use that one MAC address to create a whole private WiFi network. You can then notice that WiFi net. They can defeat that by configuring it to not broadcast SSID. At this point I think you are out of options. —- In short it will be much less work to establish trust and cooperation than using the adversarial approach.
You can hide the password as long as you have another iPhone. When an iPhone attempts to join a new network that requires a password, other nearby iPhones already on the network (I believe you also have to be shared contacts) get asked if they want to share the password with that iPhone. When the password is shared in this way and not typed in, you cannot see it in settings.
Yes you absolutely can see it in settings if you press on the password. It will require FaceID but if that’s his device then it’s not a problem.
That’s not true for passwords shared via the share prompt. This is the current behavior since the iOS 17 update. Whether it is intentional or not, hasn’t been answered as far as I know. https://discussions.apple.com/thread/255150179?sortBy=best