You may have heard of the dangers of connecting to free, open-access WiFi networks. But did you know that your home network can also be hazardous to your personal data? If you have not taken the proper security precautions, your home WiFi is likely to be just as vulnerable as the open wireless network at your corner coffee shop. Without the proper defenses, your network could be accessible to anyone with even a modest set of cyber snooping skills. Show Our infosec experts have identified the three most important security safeguards for standard home WiFi networks. “These protections,” they said, “should solve 99.99% of issues for 99.99% of users.”1 Take a read through the following tips and commit to taking these steps to make your network more secure. Though the idea of updating default passwords and changing WiFi settings might sound too technical for you to handle, it’s easier than you might imagine. If you’ve ever programmed a DVR (or—going back in time—a VCR), you can do this as well. 1 Like most networks, WiFi systems can include different types of equipment and different configurations. For the purposes of this article, we assumed a relatively common residential network setup featuring a single wireless router with a built-in access point.
The “admin” password on your router is totally different from the password that you use to connect to your WiFi network. Where your WiFi password will allow you to connect to the internet using your router, your router password gives you access to the actual configuration settings of the WiFi network itself. (See section 3 for information about setting/changing your WiFi password.) The problem with leaving a default password in place is that everyone from amateur teenage hackers to sophisticated cybercriminals can find that password somewhere online and use it to get into your network. Changing default passwords helps to reduce cybersecurity risks. Here’s how to change your default password:
Note: If the IP address is not listed on the side of your router, or you’re not comfortable making any changes to your router, you may want to contact your ISP (i.e. Comcast) technical support to assist you. The next thing to do while you’re in this screen is to disable remote administration. When remote administration is enabled, it’s possible to connect to your router from outside your home; leaving that on when not specifically necessary makes your network vulnerable to attack. To turn off the feature, look for a box or button that is labeled with something like “Enable Remote Administration” or “Disable Remote Administration.” Check or uncheck the feature as appropriate to ensure that remote administration is not on. Note: If you can’t find the spot to change your admin password within the interface, search “change <Router Brand> <Model Number> password” in your favorite web browser and you should quickly find the directions.
While you’re in the administration area, take the opportunity to upgrade your router’s firmware. As is the case with other electronic devices, router manufacturers often discover bugs and other issues that need to be addressed after products have already been shipped and installed. Updating the firmware on your router is akin to updating the operating system on your smartphone or tablet, and this step can help eliminate known cybersecurity vulnerabilities and improve performance. To complete the update, look for and select “Firmware Update,” “Router Update,” or a similar option in the administrator window. If you see the option to enable automatic firmware updates (look for a toggle feature such as “Router Auto Update” or similar), turn that on to ensure you automatically receive security and feature updates in the future. As noted in the first tip, if you can’t find what you’re looking for, an online search can help you identify where to go within the interface to complete the update.
There are three key settings to check (and, if necessary, change) within your WiFi network configuration: your SSID (which is the name of your wireless network), your encryption method, and your WiFi password. Here’s how to do it:
On a related note, if you are particularly worried about outsiders “piggybacking” on your internet access—that is, using your WiFi network rather than paying for their own connectivity—disable SSID broadcasting. (Unauthorized wireless use tends to be a greater concern in more populated residential areas like apartment complexes and multi-tenant buildings.) When SSID broadcasting is turned off, your WiFi network name will not be visible to devices when they scan for available wireless networks in your area. The benefit of disabling broadcasting is that it becomes much more difficult for outsiders to connect to your network because they would have to guess both your SSID and your password in order to gain access. The downside of this is that your SSID will not show up in your scans either, which means you will have to manually enter your network name into your devices when you connect. To disable this feature, look for “SSID Broadcast” (or similar) in the wireless setup area. Check (or uncheck) the box or button as appropriate to disable broadcasting.
Are you worried about your wireless network security? Want to change the security protocol? WPA 2 is the most widely used security protocol for routers nowadays. It’s not the latest protocol, but most devices support it. It uses an advanced encryption system (AES) better than the Temporary Key Integrity Protocol previously used (TKIP) for WPA. There are newer protocols available, but all devices do not support it, so WPA 2 will be the best option for most users. We can easily configure it with a few options in the router settings. Check out the instructions below. Configuring Router to Use WPA2You might see multiple security protocol options during this procedure. Consider these protocols as a timetable of security protocol development. The order is WEP, WPA, WPA2, and WPA 3. The newer the protocol, the better the wireless security. Three things are of critical importance for changing the security protocols.
The configuration procedure is straightforward. You must open the router settings page and change the security protocol in the network settings section. Follow the instructions below: Find Out What Protocol Router Currently UsesIf the security type is anything but WPA 2, go to the next alternatives to change the security protocol. The only exception is if it already has WPA 2 listed under security type or if it has WPA 3. Here is how you check your wireless connection’s security type: On Windows 11
On Windows 10
On Android
The settings might differ according to the device but try to find similar options. You should see a similar details section like the picture above. There is no specific section that shows security protocol in iPhones and Mac.
Access Router SettingsEvery router has a specific way to access its settings page. There is no one universal way to access router settings. In most instances, users will be able to access the router’s default login page with the following methods.
Remember, the default credentials will only work if the router is reset or the username & password wasn’t changed in the past. If you do not remember the credentials, you will have to reset the router for the default username and password to work. We have a specific article written on how to access the router’s settings page. We recommend checking it out to get clear instructions on accessing router settings. If the specific brand of router is not listed there, we recommend googling how to access router settings for that specific brand. Change Network SettingsOnce the router’s settings page has been accessed, you will need to get to wireless settings> Wireless security. Some routers have this option as network settings. Try to find yours. The exact name and place of the settings might differ according to the router installed, but an option will be there. You should see a security setting page where many options will show like SSID, Pre-Shared Key, etc. Take an example of the picture listed below. You will see an option similar to this. What you need to find is encryption or security mode. On these settings, choose WPA2. Some routers have it listed as WPA 2, WPA 2 (AES), WPA 2 personal, etc. You do not need to use WPA 2 (enterprises). As the name suggests, that settings are for enterprises. Remember, the device must support this security protocol. If you do not see this option and only see options like WEP, and WPA, then WPA2 might not be supported. Check the box and owner’s manual to see if the device supports this encryption. However, most routers currently sold do come with the WPA 2 option, if not higher like WPA3. Please be sure to enter a strong WPA 2 password on your network. If you are buying a new router, get ones with WPA 2 or WPA3. If you see WPA2 and a greater security protocol like WPA3, then always go for the higher security protocol. Higher the protocol, better the protection. WPA 3 is the newest security protocol. You might see mixed options like the combinations stated below or something to the same effect.
The modes stated above are made for compatibility purposes. As all devices do not support WPA2, they cannot access an unsupported security protocol router. When we enable this mixed option, the devices that support the older protocol will use that protocol, and the newer ones will use the WPA2 protocols. The proper encryption option for WPA 2 is Advanced Encryption Standard (AES). There is also another huge problem with these mixed options. E.g., If an older device supports, let’s say, WPA (TKIP) and you have enabled WPA-PSK (TKIP) + WPA2-PSK (AES), the older device will get the encryption protection of TKIP, which is weaker than AES leaving the connection more vulnerable to attacks. If you see an option stating WPA 2 (TKIP), understand that it’s an individual option; it’s made for backward compatibility with older devices. We recommend checking your devices at home to see if they utilize the WPA 2 protocol. The WPA 2 uses an AES encryption, so try to find one that has this listed. Go for individual protocol options like WPA 2 personal, WPA 2 (AES), or just WPA 2. Only enable mixed options if devices do not support this; else, use the WPA2 or higher security protocols. |