Ok, so I'm getting in a dorky debate with someone on Twitter (ugh, that's something I never wanted to say). I read his review of some product that didn't support hidden SSIDs, and the reviewer cited this as a giant security flaw and docked points from the product.

I wrote to him to argue that because it is so trivial to get around hidden SSIDs, it's not a worthwhile security practice. In fact, I'd argue that a novice computer user might erroneously assume that if the SSID is hidden, they don't need to use security and can therefore forgo using a password, which would be a big mistake.

He wrote back with the following: "It's standard practice. Of 100s of tested devices this yr alone, only 2 didn't support it. Must cover every base for security."

I argue that it is NOT "standard practice" at all. A simple search for "hidden SSID" will give you hundreds of results that say essentially the same thing: getting around hidden SSIDs is laughably easy. And while I might agree that it's strange that this product didn't include support for it, I wouldn't dock them for it.

Still, he seems to be insisting that hidden SSIDs are some sort of pillar of network security. My analogy for him was that a hidden SSID on a network with WPA2 AES was like a bank using a blanket to cover their locked vault. Everyone knows that the vault is there, but few people could get in there once they push the blanket away.

What say you guys? Am I off base here?