Quick Links

When it comes to modern technology, everything is a compromise between convenience and security. Everyone wants fast access to the internet, which is why Wi-Fi is everywhere. But how secure is your home Wi-Fi router? What can you do to protect your network?

Something you rarely hear these days is that as long as you follow a few common-sense and easily implemented best practices, you probably have very little to worry about.

“Basically, Wi-Fi is pretty secure," said Anthony Vance, professor and director of the Center for Cybersecurity at the Fox School of Business at Temple University. "People shouldn’t be concerned about it."

Of course, the devil is in the details, and we've got some unpacking to do.

What Your Router Does

You might not think much about your router, but it's probably the most important gadget in your home. It's definitely the most important one connected to your network.

Most Wi-Fi routers have several functions. First, they’re gateways that connect a cable modem to the internal network. They're also wireless access points that provide connectivity for the Wi-Fi devices in your home. Most routers also include a handful of Ethernet ports, which make them a network hub or switch.

A Netgear Nighthawk wireless router.
Netgear

Many cable companies offer the option of an all-in-one modem and Wi-Fi router, so it’s possible you have a single box that does everything.

However, if you do have an all-in-one modem and router from your cable company, you might want to reconsider that. Many of them aren’t especially speedy and might lack the features and security you'd get from a standalone router.

Routers Get a Bad Rap

Many people eye their Wi-Fi router somewhat suspiciously and assume it’s one simple hack away from spilling their personal files or allowing strangers to steal their bandwidth. But this is a misconception.

"Wi-Fi access point security in the early days with WEP was really bad," said Vance. "I think that has given Wi-Fi security a bad name ever since."

WEP was the earliest Wi-Fi security protocol, and it did have fatal vulnerabilities that rendered it barely better than no security at all. It was retired in 2004 and replaced first by WPA, and then by WPA2, which is what we still have now. It's an encryption scheme with no practical vulnerabilities for home networks.

However, WPA2 will soon be superseded by WPA3, which is just arriving on shelves. This new standard has a few enhancements, including a resistance to dictionary attacks. This essentially inoculates your network from brute force password-guessing. It will be especially helpful for networks controlled by weak passwords.

Related: What Is WPA3, and How Do I Get It On My Wi-Fi Router?

Use a Guest Network

Not every bell, whistle, and security feature in a modern router is worth the investment, though. For example, if you already use strong, unique passwords on your router, Vance doesn’t recommend you upgrade to a WPA3 just yet.

Some other features might be worth it, though. If your current router doesn’t allow you to enable a guest network, that could be reason enough to upgrade for many folks. A guest network is separate from your primary one.

"It's like having two different access points," said Vance. "They can both access the internet, but they can't mingle with each other."

That’s great for guests (hence, the name), but there’s a much better reason to use a guest network: smart devices. This way, you would connect all your primary computing devices, like smartphones, tablets, and computers, to the primary network. But you would connect all your Internet of things (IoT) devices, like kids' gadgets, and actual guests to the guest network.

"Wi-Fi networks are only as secure as the least secure device attached to them," said IEEE member, Kayne McGladrey.

Smart devices, like webcams, doorbells, switches, plugs, and other IoT devices are notoriously insecure.

"Insecure IoT devices can be tricked into divulging a Wi-Fi password," said McGladrey.

This isn’t idle hand-wringing on the part of security experts, either. Back in 2016, the Mirai botnet attack infected millions of vulnerable home network devices, like unsecured routers and IoT devices, like baby monitors and webcams. The devices were then used to launch a massive DDoS attack. It crippled the internet for millions of people in the U.S. for many hours.

The only way to ensure your Wi-Fi network’s security is to connect all those devices to the guest network. That way, even if one device gets hacked, the hacker is limited to your guest network and can't access your most important devices and data.

If you have a guest network that supports it, you can even schedule when it can allow access.

"Neither children, nor washing machines need an active internet connection at 3 a.m.," said McGladrey.

Security via Passwords

A wireless router with a child using a laptop in the background.
Casezy idea/Shutterstock

So, yes, your Wi-Fi router is pretty secure, as long as you follow some of the best practices. First and foremost, you need to be using strong custom passwords.

"If you're using WPA2," said cybersecurity consultant, Dave Hatter. "And you have a reasonable password, around 15 characters that can’t be easily guessed, you're going to be pretty secure."

Your router has a minimum of two passwords, and you need to care about all of them. In addition to the primary Wi-Fi password, controlling the admin password to control the router itself is critical.

"Anytime you leave the default settings, you're basically asking for trouble," said Hatter. "For many routers, it's not too difficult to find the manufacturer's guide and immediately know what the defaults are. Additionally, tools like Shodan make it easy to find online every router of a particular brand. So, if you know what those default settings are, you can find those things pretty quickly and immediately attempt to hack."

Thankfully, things are getting better. Many newer routers come with randomized passwords, rather than the same stock set of characters for all models that roll off the assembly line. In fact, a recent law---the California Consumer Privacy Act---mandates that all devices must be sold with unique passwords.

Still, you should change the default password---and the longer, the better.

Other Best Practices

Clearly, password hygiene is critical to the security of your Wi-Fi network. Beyond that, though, there are additional steps you can take to ensure your network’s security.

One way is to keep your router up to date. Some routers update their firmware automatically, but many do not. To do this, you have to open the router’s admin settings in a browser or mobile app and check for updates. Generally, router manufacturers don’t frequently issue updates, so when there is a release, it's probably critical.

You should also disable router features that make your network more vulnerable. Chief among these is remote access.

"You don't want anyone to be able to remotely access that thing," said Hatter. "You want any access to be done from a machine connected to your local environment."

Some security experts have more robust recommendations. McGladrey suggests replacing your router every two or three years and evaluating IoT devices for security vulnerabilities before you purchase them.

Not all suggestions are practical for everyone. But if you keep the router’s firmware updated and occasionally (perhaps twice a year) change the passwords, this will probably be more than sufficient. And as long as your IoT devices have their own guest network to play in, you can consider yourself safe.

"If the Iranians or the Russians have decided to make you a target, that might not be sufficient," Hatter said. "But it's going to stop the average kind of hacking."