NetworkManager distinguishes two types of wireless connections, trusted and untrusted. A trusted connection is any network that you explicitly selected in the past. All others are untrusted. Trusted connections are identified by the name and MAC address of the access point. Using the MAC address ensures that you cannot use a different access point with the name of your trusted connection.
NetworkManager scans for available wireless networks, if no wired connection is available. If multiple trusted networks are found, the most recently used is automatically selected. NetworkManager waits for your selection in case that all networks are untrusted.
If the encryption setting changes but the name and MAC address remain the same, NetworkManager attempts to connect, but first you are asked to confirm the new encryption settings and provide any updates, such as a new key.
In a system with a wireless connection only, NetworkManager does not automatically start the connection during boot. You must log in first to establish a connection. To make a wireless connection accessible without login, configure the trusted connection with YaST. Only wireless connections configured with YaST are sufficiently credible for NetworkManager to use them during boot.
If you switch to offline mode from using a wireless connection, NetworkManager blanks the ESSID. This ensures that the card is disconnected.