Nicholas Weaver on Lawfare notes a weakness in Wi-Fi passwords in passing while addressing a newly discovered vulnerability in WPA2 called KRACK:
So unless your Wi-Fi password looks something like a cat’s hairball (e.g. “:SNEIufeli7rc”–which is not guessable with a few million tries by a computer), a local attacker had the capability to determine the password, decrypt all the traffic, and join the network before KRACK.
Our Wi-Fi password does actually have a passing resemblance to a cat’s hairball.
And that’s all. I just liked the simile.