Duane wrote:
If someone knows your WPA password they will be able to read the MAC address of any connected computer, clone that address, and join your network in a matter of minutes.
Yeah - IF you know the password. If you don't know the password, it can make some injection attacks more difficult.
Therefore it is a waste of time to use MAC address filtering (access control).
I disagree; it's part of the philosophy of 'defense in depth' - using multiple layers, even if some are only marginally useful. MAC address filtering is indeed little more than a speed bump to a skilled person who knows the password - but it is a speed bump nonetheless.
It requires some skill to clone the address - the vast majority of computer users don't know how to clone a MAC address, and most will simply assume that they got the wrong password, and try somebody else's network.
People looking for a 'free wifi' to use generally move on if it doesn't work in the first minute or so.
If you're looking to foil an experienced attacker, you need more security than anything the AirPort has to offer anyway - which is one reason why most of the corporate wi-fi access I've seen is inside a DMZ, firewalled off from the rest of the network.
Just be sure and use a strong non-dictionary WPA password.
Yeah, preferably a nonsensical password like <#fGx92*'}+,. Not the easiest thing to remember, but that's what Keychain is for.