This weekend’s project is to check up on your Wi-Fi security. This shouldn’t take you more than an hour or so, and you will have to reconnect all your devices to the internet. But once it is done correctly you shouldn’t have to go through the hassle again for a long time.
Login to your router: The first thing you will have to do is figure out how to get into your router’s settings. First this will require connecting the router. Typically you connect by opening your web browser and typing the router’s IP address into the address bar. How you do this will depend on whether you own or rent your wireless router. Regardless of whether you own or rent, I recommend that you get an Ethernet cable to connect your computer and your router, because one setting we will change later will disable your ability to modify the router’s settings without being physically connected to it.
- Own: If you own your router and have never changed the login credentials, look the defaults up online. If you can’t find defaults for your router, you always have the option to reset the router totally by holding the reset button for 30 seconds (removing power won’t clear out the old settings). Links for default credentials and login IPs for the most popular home routers are:
- Rent: If you rent your router from your internet service provider, the management credentials are likely on a label on the router. If not, you may have to call your ISP to find the managment credentials.
Once you have logged into the router you can begin modifying its settings. The specifics of each router’s menus will vary but the principles presented here should be available on all manufacturers’ products.
Change the management credentials: One of the first steps you should take is to change your router’s management credentials. This will prevent someone from connecting to it remotely, logging into it, and making changes to your settings, subverting your wi-fi security settings. Use your password manager to generate a good, strong password and store it there.
Disable remote management: Only do so at this point if you are connected via an Ethernet cable. If you are connected wirelessly you will not be able to make any further changes to the router. If you don’t have an Ethernet cable and don’t wish to buy one, save this step for last. If you do make this change prematurely, or wish to modify settings later, you can always reset the router back to defaults and start over.
Encrypt the signal: This is perhaps the most important setting you can change to increase your wi-fi security. Select WPA2 encryption. If your router does not support the WPA2 protocol consider upgrading it immediately.
Disable Wi-Fi Protected Setup (WPS): Wi-Fi Protected Setup allows you to quickly connect devices when you have physical access to the router. You press the button while a device is attempting to connect, and it connects. This works great in theory but in reality this protocol is broken (and has been for a long time) and can allow anyone to view your Wi-Fi traffic.
Change your SSID: Your SSID (your network’s visible name) should not leak information about you or your residence. It should be either generic or misleading. I would not want someone to drive up my driveway and be able to see my family’s last name by merely looking at the name of the Wi-Fi network. There are good arguments to be made for not using common network names. Your Wi-Fi network should not be super common, but it shouldn’t give away information about you, either. I also recently wrote about hiding your SSID as a Wi-Fi security measure. I leave it to you to come to your own conclusion.
One other thing to consider when naming your network: include the suffix “_nomap”. This will ensure that Google will not index your Wi-Fi network along with your home address. As an example, if your Wi-Fi network is “FamilyWiFi” change it to FamilyWiFi_nomap”.