In the event of an authentication process failure, a mobile station bans a connection profile storing the credentials provided by the mobile station when initiating the failed authentication process, thus affecting how subsequent scans—other than discovery scans—and connection attempts are handled. In the event of an authentication process failure, a mobile station bans or suppresses an access point with which the mobile station initiated the failed authentication process. The mobile station refrains from transmitting any communications addressed to the unique identifier of any banned access point. The mobile station may ignore any communications received from a banned access point. Suppressed access points are occasionally not made available to the mobile station for selection as a target for a connection attempt.