Suppose option encryption 'psk2+tkip+ccmp'
and 63-character high complexity password should mitigate if not thwart such a potential attack.
This is related to wifi roaming. That is not enabled in default in Turris.
Having such a long password is probably overkill but why not.
Aside from being a royal PITA to enter on devices that can’t do some electronic method of obtaining such a password, I’ve found some simple devices that cannot use passwords over 32 characters in length.
But, aside from that, I agree that a longer password is beneficial.
Or possibly use RADIUS.
it is a 5 minute inconvenience for each such device that is not supporting pasting passwords.
Convenience trumping security seems a popular tune though.
some IoT not adhering to WPA2 standards? That would worry me in general of what/how things are implemented in such device.
Certainly the best bet but it requires a radius server/backend to run/maintain. Notwithstanding whether the aforementioned simple devices feature WPA2 enterprise support.
During Setup I saw that the Turris Omnia, latest version, uses WPA3P/fallback WPA2 for authentification.
While probably being a sane default for usability, could this be changed to WPA3-only?