Network Working Group                                           RelunSec
Internet-Draft                 Security Researcher part of InsiteTech.jp
Intended status: Informational                               7 June 2026
Expires: 9 December 2026


   Phishing-Resistant Multi-Factor Authentication for Wi-Fi Networks
                     draft-relunsec-wifi-yubikey-00

Abstract

   This document proposes a phishing-resistant authentication mechanism
   for home Wi-Fi networks using hardware security keys (e.g., YubiKey)
   alongside traditional passwords to mitigate Evil Twin attacks.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 9 December 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

RelunSec                 Expires 9 December 2026                [Page 1]
Internet-Draft          WiFi Phishing Resistance               June 2026

Table of Contents

   1.  The Current Security Problem with Wi-Fi
   2.  The Proposal
   3.  Motivation
   4.  Backwards Compatibility
   5.  How Users Can Enable It
   6.  Security Considerations
   7.  IANA Considerations
   Author's Address

1.  The Current Security Problem with Wi-Fi

   I am RelunSec, a security researcher, and my mission is to improve
   Wi-Fi security.  We have faced a lot of problems because of Evil Twin
   attacks against home Wi-Fi networks, which are used to obtain
   victims' Wi-Fi passwords.  That is why I am a security researcher,
   and I am here to propose the following.

2.  The Proposal

   Wi-Fi will support phishing-resistant methods, such as a YubiKey,
   alongside passwords.

3.  Motivation

   I wanted to propose this to improve Wi-Fi network security.  With
   this proposal, even if attackers use an Evil Twin and phish the
   victim's Wi-Fi password, they still need a YubiKey to authenticate to
   the network.  A YubiKey cannot be phished: as with websites, YubiKeys
   are a phishing-resistant method.

4.  Backwards Compatibility

   YubiKey support is an available option and will not be mandatory.
   The password will be the first method, and the user will then be
   prompted to insert a YubiKey.  After the YubiKey is inserted, the
   Wi-Fi connection will succeed; otherwise it fails.  If the option is
   not enabled, the current behavior applies.

5.  How Users Can Enable It

   1- Future routers will have a YubiKey support option.  Go to the
      router interface and register the YubiKey.

   2- Then activate the YubiKey option.

   3- Reboot the router.

   4- All devices will be disconnected.  To connect, enter your normal
      password and then insert your YubiKey.

   5- Now you are connected safely to your Wi-Fi network, and there is
      no need to worry about Evil Twin attacks anymore.

6.  Security Considerations

   This document describes a security enhancement.  The use of
   hardware-based multi-factor authentication (MFA) significantly
   reduces the risk of credential theft via Evil Twin attacks.  By
   requiring a physical presence gesture (such as a YubiKey tap), even a
   compromised password is insufficient for an attacker to gain access
   to the network.

7.  IANA Considerations

   This document has no IANA actions.

Author's Address

   RelunSec
   Security Researcher part of InsiteTech.jp
   Email: relunsec@insitetech.jp
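
The behavior described in Sections 4 and 6, modelled as an added example that is not part of the draft, which does not define a wire protocol. It assumes an HMAC-SHA1 challenge-response exchange of the kind YubiKeys support; the AccessPoint and HardwareKey classes, the nonce handling and the sample password are hypothetical.

```python
import hashlib
import hmac
import secrets

class AccessPoint:
    """Model AP: password first, then the optional hardware-key step."""
    def __init__(self, password, key_secret=None):
        self.password = password.encode()
        self.key_secret = key_secret   # None: key option not enabled
        self.pending = set()           # challenges issued, not yet used

    def new_challenge(self):
        nonce = secrets.token_bytes(32)
        self.pending.add(nonce)
        return nonce

    def authenticate(self, password, challenge=None, response=None):
        if not hmac.compare_digest(password.encode(), self.password):
            return False
        if self.key_secret is None:
            return True                # current password-only behavior
        if response is None or challenge not in self.pending:
            return False               # no key, or unknown/used challenge
        self.pending.discard(challenge)  # each challenge is single use
        expected = hmac.new(self.key_secret, challenge, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)

class HardwareKey:
    """Stand-in for the key: the secret never leaves this object."""
    def __init__(self, secret):
        self._secret = secret
    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

def demo():
    pw = "home-wifi-pass"              # constructed sample password
    secret = secrets.token_bytes(20)   # provisioned at registration (assumed)
    ap, key = AccessPoint(pw, secret), HardwareKey(secret)
    c1 = ap.new_challenge()
    r1 = key.respond(c1)
    return {
        "owner_with_key": ap.authenticate(pw, c1, r1),
        "phished_password_only": ap.authenticate(pw),
        "replayed_response": ap.authenticate(pw, c1, r1),
        "old_response_new_challenge": ap.authenticate(pw, ap.new_challenge(), r1),
        "key_option_disabled": AccessPoint(pw).authenticate(pw),
    }

if __name__ == "__main__":
    print(demo())
```
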