Securing your home network is important, especially if you work from home or do sensitive work online. Routers have several default options and parameters that aren't secure, so changing them is in your best interest.
Let's take a look at several ways to improve your home network's security using router settings.
1. Change the Default SSID and Password
After the initial setup, most routers have a default SSID (which is the network name you see when connecting a device to Wi-Fi) and password. This is typically printed on a sticker attached to the router.
You should absolutely change the password for your network, and it's a smart idea to change the SSID as well. The default password might be weak—or worse, it could be a standard password that's easily found online. And if your SSID contains the name of your router (like "NETGEAR-ABC123"), someone could look up the default password for your model to connect without your knowledge.
This option differs by router, but you'll often find it under Wireless Settings, Wireless Security, or similar. Change the SSID and password for your network so that they're both unique.
Note that you'll need to reconnect all existing devices to your network once you've made this change.
2. Change the Admin Login Credentials
Separate from the name of your network and password to join your Wi-Fi, your router has a set of admin credentials. You need these to log into your router's administration panel and change settings like the ones discussed here.
By default, most routers use "admin" as the username and something generic like "password" for the password. These are so widely known that you can visit websites like RouterPasswords to find the default passwords for any model.
Your network is not very secure if someone can Google the password for your router. As soon as possible, use your router's admin panel to change the password. Leaving the username as "admin" is OK, but you should set a unique password that's not easily guessed.
3. Use the Best Network Encryption
Most routers, depending on their age, offer several encryption protocols to protect your network. However, several of these options are mostly provided for compatibility reasons and are not considered secure today. You should make sure that your router is using the latest standard available.
On your router's Wireless Settings page or similar (often on the same page you change the network password), you'll see options for Security and Encryption type.
For Security, your options typically include the following:
- None, which means that your network is open for anyone to use. This is obviously insecure and you should avoid it.
- WEP, which stands for Wired Equivalent Privacy. This is extremely outdated and provides little security, so you shouldn't use it.
- WPA, or Wi-Fi Protected Access, is the current security protocol used to protect routers. It's available in three versions: WPA, WPA2, and WPA3—you should use the latest version available on your device. WPA3 started rolling out in 2018, but isn't quite mainstream yet. The original WPA is outdated, but WPA2 is still fine if that's what your router has.
When you select WPA, you'll have the option for WPA Personal (also called WPA-PSK) or WPA Enterprise. As the name suggests, Enterprise is designed for business use and requires a server for authentication, so you should select Personal at home.
The Encryption type is often a separate option. Most routers let you choose between TKIP and AES. Unless you have a specific reason, you should always pick AES, which is much more recent and stronger. TKIP is only for backwards compatibility with older standards.
4. Disable WPS
WPS, or Wi-Fi Protected Setup, is a convenience feature included on most routers. It allows you to connect devices to your network using a few different methods that are easier than entering your password. And while it's handy, it's also insecure and thus weakens your network.
The two main WPS options are a PIN and a button on your router. The PIN is the biggest risk: all WPS-enabled routers generate a PIN, and many don't let you change it. You can enter this PIN to connect any device without using your router's password.
However, this WPS method has a major security flaw. The PIN is stored in two separate chunks of numbers, making it much easier to guess using brute force. As a result, with a few hours, someone who knew what they were doing could figure out your router's WPS PIN. And if your router doesn't let you change the PIN, you'd have no way to lock down your device once the PIN was in the wild.
If possible, look for the WPS section of your router's settings and turn it off. The risk isn't worth the small bit of convenience it offers.
5. Keep Your Router Firmware Updated
It's important to keep your wireless router updated, just like you should update your computer or phone when there's a patch available. Because your router is the gateway to your home network, you don't want to have any known security holes on such a sensitive device.
Your router's admin panel should have a Firmware Update option under the System or similar menu. Depending on your router, you may be able to check for and install updates right from this page, or you might have to visit a separate page to download the latest version and manually upload it.
Do this regularly to make sure you aren't running old firmware.
Keeping Your Router Safe
With these key tips, you'll have a more secure router and reduce risks on your home network. While you can't be 100% bulletproof, these are common-sense methods that protect against the most common exploits.
For more, why not learn how to improve your home Wi-Fi performance next?