You may have heard of the dangers of connecting to free, open-access WiFi networks. But did you know that your home network can also be hazardous to your personal data? If you have not taken the proper security precautions, your home WiFi is likely to be just as vulnerable as the open wireless network at your corner coffee shop. Without the proper defenses, your network could be accessible to anyone with even a modest set of cyber snooping skills.
Our infosec experts have identified the three most important security safeguards for standard home WiFi networks. “These protections,” they said, “should solve 99.99% of issues for 99.99% of users.”1
Take a read through the following tips and commit to taking these steps to make your network more secure. Though the idea of updating default passwords and changing WiFi settings might sound too technical for you to handle, it’s easier than you might imagine. If you’ve ever programmed a DVR (or—going back in time—a VCR), you can do this as well.
1 Like most networks, WiFi systems can include different types of equipment and different configurations. For the purposes of this article, we assumed a relatively common residential network setup featuring a single wireless router with a built-in access point.
The “admin” password on your router is totally different from the password that you use to connect to your WiFi network. Where your WiFi password will allow you to connect to the internet using your router, your router password gives you access to the actual configuration settings of the WiFi network itself. (See section 3 for information about setting/changing your WiFi password.)
The problem with leaving a default password in place is that everyone from amateur teenage hackers to sophisticated cybercriminals can find that password somewhere online and use it to get into your network. Changing default passwords helps to reduce cybersecurity risks.
Here’s how to change your default password:
- Find the label on your router that lists the default IP address, administrator user name, and administrator password.
- Open a new web browser tab or window in your browser of choice.
- Enter the default IP address — it will look something like 123.456.7.8 — in the web address bar.
- Enter the default user name and password on the login screen.
- Navigate to the administration area and change the admin password. Longer is better, and special characters are a plus. A passphrase that means something to you but would be difficult for others to guess is a great option (for example, I<3SpicyChickenWings).
Note: If the IP address is not listed on the side of your router, or you’re not comfortable making any changes to your router, you may want to contact your ISP (i.e. Comcast) technical support to assist you.
The next thing to do while you’re in this screen is to disable remote administration. When remote administration is enabled, it’s possible to connect to your router from outside your home; leaving that on when not specifically necessary makes your network vulnerable to attack.
To turn off the feature, look for a box or button that is labeled with something like “Enable Remote Administration” or “Disable Remote Administration.” Check or uncheck the feature as appropriate to ensure that remote administration is not on.
Note: If you can’t find the spot to change your admin password within the interface, search “change <Router Brand> <Model Number> password” in your favorite web browser and you should quickly find the directions.
While you’re in the administration area, take the opportunity to upgrade your router’s firmware. As is the case with other electronic devices, router manufacturers often discover bugs and other issues that need to be addressed after products have already been shipped and installed. Updating the firmware on your router is akin to updating the operating system on your smartphone or tablet, and this step can help eliminate known cybersecurity vulnerabilities and improve performance.
To complete the update, look for and select “Firmware Update,” “Router Update,” or a similar option in the administrator window. If you see the option to enable automatic firmware updates (look for a toggle feature such as “Router Auto Update” or similar), turn that on to ensure you automatically receive security and feature updates in the future.
As noted in the first tip, if you can’t find what you’re looking for, an online search can help you identify where to go within the interface to complete the update.
There are three key settings to check (and, if necessary, change) within your WiFi network configuration: your SSID (which is the name of your wireless network), your encryption method, and your WiFi password. Here’s how to do it:
- Look for a tab named “Wireless Setup” or similar. (Again, a quick online search can help you identify the exact location for your specific router if you're unsure.)
- First, check your level of wireless encryption. WPA3 is the newest wireless encryption standard, but it is currently in its early days. Most routers and devices (like smartphones and laptops) do not yet support WPA3, so it’s unlikely to be an available option in your interface (unless you’ve specifically installed a WPA3-compatible router). Until WPA3 becomes more commonplace, choose WPA2 encryption — a must, as earlier WiFi encryption protocols are far more vulnerable. If there are multiple WPA2 options, choose either WPA2-PSK, WPA2-PSK (AES), or WPA2-Personal; all three are essentially the same and offer the best option outside of WPA3 for at-home use.
- Set or change your wireless network password. (If your service provider gave you a password, choose a new one.) As with your new router admin password, opt for a longer passphrase that has personal meaning and at least some degree of complexity (special characters, numbers, etc.). DO NOT reuse your admin password.
- Change the default SSID to the name of your choice (something like “FBI Surveillance 1” is likely to leave your neighbors amused—or concerned). If you keep the default SSID, you will likely broadcast the brand and type of router you are using, and these are pieces of information that a cyber snoop can use against you.
On a related note, if you are particularly worried about outsiders “piggybacking” on your internet access—that is, using your WiFi network rather than paying for their own connectivity—disable SSID broadcasting. (Unauthorized wireless use tends to be a greater concern in more populated residential areas like apartment complexes and multi-tenant buildings.)
When SSID broadcasting is turned off, your WiFi network name will not be visible to devices when they scan for available wireless networks in your area. The benefit of disabling broadcasting is that it becomes much more difficult for outsiders to connect to your network because they would have to guess both your SSID and your password in order to gain access. The downside of this is that your SSID will not show up in your scans either, which means you will have to manually enter your network name into your devices when you connect.
To disable this feature, look for “SSID Broadcast” (or similar) in the wireless setup area. Check (or
uncheck) the box or button as appropriate to disable broadcasting.
Are you worried about your wireless network security? Want to change the security protocol?
WPA 2 is the most widely used security protocol for routers nowadays. It’s not the latest protocol, but most devices support it.
It uses an advanced encryption system (AES) better than the Temporary Key Integrity Protocol previously used (TKIP) for WPA.
There are newer protocols available, but all devices do not support it, so WPA 2 will be the best option for most users. We can easily configure it with a few options in the router settings. Check out the instructions below.
Configuring Router to Use WPA2
You might see multiple security protocol options during this procedure. Consider these protocols as a timetable of security protocol development.
The order is WEP, WPA, WPA2, and WPA 3. The newer the protocol, the better the wireless security.
Three things are of critical importance for changing the security protocols.
- You will have to access the settings page of the router.
- The router must support WPA2.
- You can use either ethernet or access it wirelessly.
The configuration procedure is straightforward. You must open the router settings page and change the security protocol in the network settings section. Follow the instructions below:
Find Out What Protocol Router Currently Uses
If the security type is anything but WPA 2, go to the next alternatives to change the security protocol. The only exception is if it already has WPA 2 listed under security type or if it has WPA 3.
Here is how you check your wireless connection’s security type:
On Windows 11
- Press the start icon on the taskbar and search/select Wi-Fi settings.
- Click on Wi-Fi Name Properties
- Check Security type
On Windows 10
- Press the start button and search/select network & internet.
- Choose Wi-Fi
- Click on the Wi-Fi ‘s Properties
- Check Security type
On Android
- Go to settings
- Select Wi-Fi
- Find your Wi-Fi and click on it to open details.
The settings might differ according to the device but try to find similar options. You should see a similar details section like the picture above.
There is no specific section that shows security protocol in iPhones and Mac.
- On iPhone, if the protocol is old, the device will show it as a message in the WIFI section of the device.
- In Mac devices, press the option key + Wi-Fi icon to get details about the Wi-Fi. If it’s an older weak protocol, the device will show a message.
Access Router Settings
Every router has a specific way to access its settings page. There is no one universal way to access router settings.
In most instances, users will be able to access the router’s default login page with the following methods.
- Using default login settings written at the bottom/ back of the router. The info consists of the default gateway, username, and password.
- Using the QR code on the router to get redirected to the default login page (not available on all brands)
- Using a mobile app created and specified by the brand to access router settings. (Not available on all brands)
Remember, the default credentials will only work if the router is reset or the username & password wasn’t changed in the past. If you do not remember the credentials, you will have to reset the router for the default username and password to work.
We have a specific article written on how to access the router’s settings page. We recommend checking it out to get clear instructions on accessing router settings.
If the specific brand of router is not listed there, we recommend googling how to access router settings for that specific brand.
Change Network Settings
Once the router’s settings page has been accessed, you will need to get to wireless settings> Wireless security. Some routers have this option as network settings. Try to find yours.
The exact name and place of the settings might differ according to the router installed, but an option will be there.
You should see a security setting page where many options will show like SSID, Pre-Shared Key, etc. Take an example of the picture listed below. You will see an option similar to this.
What you need to find is encryption or security mode. On these settings, choose WPA2. Some routers have it listed as WPA 2, WPA 2 (AES), WPA 2 personal, etc.
You do not need to use WPA 2 (enterprises). As the name suggests, that settings are for enterprises.
Remember, the device must support this security protocol. If you do not see this option and only see options like WEP, and WPA, then WPA2 might not be supported. Check the box and owner’s manual to see if the device supports this encryption.
However, most routers currently sold do come with the WPA 2 option, if not higher like WPA3.
Please be sure to enter a strong WPA 2 password on your network. If you are buying a new router, get ones with WPA 2 or WPA3.
If you see WPA2 and a greater security protocol like WPA3, then always go for the higher security protocol. Higher the protocol, better the protection. WPA 3 is the newest security protocol.
You might see mixed options like the combinations stated below or something to the same effect.
- WPA-PSK (TKIP) + WPA2-PSK (AES)
- WPA/WPA2 etc.
The modes stated above are made for compatibility purposes. As all devices do not support WPA2, they cannot access an unsupported security protocol router.
When we enable this mixed option, the devices that support the older protocol will use that protocol, and the newer ones will use the WPA2 protocols.
The proper encryption option for WPA 2 is Advanced Encryption Standard (AES).
There is also another huge problem with these mixed options.
E.g., If an older device supports, let’s say, WPA (TKIP) and you have enabled WPA-PSK (TKIP) + WPA2-PSK (AES), the older device will get the encryption protection of TKIP, which is weaker than AES leaving the connection more vulnerable to attacks.
If you see an option stating WPA 2 (TKIP), understand that it’s an individual option; it’s made for backward compatibility with older devices.
We recommend checking your devices at home to see if they utilize the WPA 2 protocol. The WPA 2 uses an AES encryption, so try to find one that has this listed. Go for individual protocol options like WPA 2 personal, WPA 2 (AES), or just WPA 2.
Only enable mixed options if devices do not support this; else, use the WPA2 or higher security protocols.