diff --git a/bin/tessel-wifi.js b/bin/tessel-wifi.js
index c021225..25d6802 100755
--- a/bin/tessel-wifi.js
+++ b/bin/tessel-wifi.js
@@ -38,7 +38,6 @@ var argv = require("nomnom")
   })
   .option('security', {
     abbr: 's',
-    default: 'wpa2',
     help: '[Tessel] Security type of the network, one of (wpa2|wpa|wep). Omit for unsecured networks.'
   })
   .option('timeout', {
@@ -98,7 +97,28 @@ common.controller({stop: false}, function (err, client) {
         pass = new Buffer(String(pass));
       }
 
-      var security = new Buffer((String(argv.security) || (pass ? 'wpa2' : 'unsecure')).toLowerCase());
+      var security = argv.security;
+      if (!pass.length) {
+        if (security && security.toLowerCase() != 'unsecure') {
+          // there is no password and security was specified
+          logs.err('A password is needed for', security);
+          client.close();
+          process.exit(1);
+        } else {
+          // if there isn't a password then assume security type is unsecure
+          security = new Buffer('unsecure');
+        }
+      } else if (!security) {
+        // if there is no security specified, default to wpa2
+        security = new Buffer('wpa2');
+      } else if (security.toLowerCase() == 'unsecure') {
+        logs.err('Cannot connect to an unsecure network with a password specified');
+        client.close();
+        process.exit(1);
+      } else {
+        // otherwise use chosen security type
+        security = new Buffer(security.toLowerCase());
+      }
 
       client.configureWifi(ssid, pass, security, {
         timeout: argv.timeout