diff --git a/internal/wifi/wpasupplicant/backend.go b/internal/wifi/wpasupplicant/backend.go
index 4fa8e8b..406b8f5 100644
--- a/internal/wifi/wpasupplicant/backend.go
+++ b/internal/wifi/wpasupplicant/backend.go
@@ -154,11 +154,11 @@ func (b *WPABackend) IsScanning() (bool, error) {
 func (b *WPABackend) Connect(ssid, password string) error {
 	// Create network configuration
 	config := make(map[string]interface{})
-	config["ssid"] = ssid // Raw SSID string, no quotes
+	config["ssid"] = fmt.Sprintf("\"%s\"", ssid) // wpa_supplicant expects quoted SSID
 
 	if password != "" {
 		// For WPA/WPA2-PSK networks
-		config["psk"] = password // Raw password string, no quotes
+		config["psk"] = fmt.Sprintf("\"%s\"", password)
 	} else {
 		// For open networks
 		config["key_mgmt"] = "NONE"
diff --git a/internal/wifi/wpasupplicant/bss.go b/internal/wifi/wpasupplicant/bss.go
index ab1b5b7..799e9f9 100644
--- a/internal/wifi/wpasupplicant/bss.go
+++ b/internal/wifi/wpasupplicant/bss.go
@@ -137,13 +137,13 @@ func (b *BSS) GetSignal() (int16, error) {
 
 // DetermineSecurityType determines the security type based on BSS properties
 func (p *BSSProperties) DetermineSecurityType() string {
-	// Check for WPA2 (RSN) - need to check if KeyMgmt has actual values
-	if hasKeyManagement(p.RSN) {
+	// Check for WPA2 (RSN)
+	if len(p.RSN) > 0 {
 		return "psk"
 	}
 
 	// Check for WPA
-	if hasKeyManagement(p.WPA) {
+	if len(p.WPA) > 0 {
 		return "psk"
 	}
 
@@ -155,20 +155,3 @@ func (p *BSSProperties) DetermineSecurityType() string {
 	// Open network
 	return "open"
 }
-
-// hasKeyManagement checks if a WPA/RSN map contains actual key management methods
-func hasKeyManagement(secMap map[string]dbus.Variant) bool {
-	if len(secMap) == 0 {
-		return false
-	}
-
-	// Check if KeyMgmt field exists and has values
-	if keyMgmtVariant, ok := secMap["KeyMgmt"]; ok {
-		// KeyMgmt is an array of strings
-		if keyMgmt, ok := keyMgmtVariant.Value().([]string); ok {
-			return len(keyMgmt) > 0
-		}
-	}
-
-	return false
-}