The router is the gateway to your whole network, and so also the first target for attackers. If it stays in factory settings, it is vulnerable. The good news is that you can secure it in a few minutes. Let us go through the steps that really matter.

Change the default admin password

Routers ship with a factory login name and password, often something like admin and admin. These details are publicly known for every model. So the first thing after connecting is to change the router admin password to your own strong one. Do not confuse it with the wifi password, they are two different things.

Wifi encryption: WPA3, or WPA2

The way your wifi is secured decides whether someone can get into it:

  • WPA3 is the newest and most secure standard. If both the router and the devices support it, use it.
  • WPA2 (with AES encryption) is still fine and use it where older devices cannot handle WPA3.
  • Never use WEP or an open network without a password. WEP can be broken in a few minutes and an open network is wide open to anyone.

Set a long and unique password for the wifi, ideally a whole phrase.

Disable WPS

WPS is a feature that was meant to make connecting easier, either by pressing a button on the router or by entering an eight-digit PIN code. The problem is that this PIN can be guessed by brute force, letting an attacker into the network even without knowing the password. So disable WPS in the router settings, the convenience is not worth the risk.

The router admin must never be reachable from the internet

This is crucial. Many routers have a remote management feature that lets you log into the admin over the internet from outside. Turn this feature off. If it is on, attackers from all over the world can try passwords on your router. The admin should be reachable only from your home network. When you need access from outside, use a VPN instead.

Update the firmware

Manufacturers continually fix security holes through firmware updates. Turn on automatic updates, or occasionally check whether a newer version is available. Outdated firmware is a common route of attack.

Other useful steps

  • A guest network for visitors and smart home devices, separated from your computers.
  • Changing the network name (SSID) so it does not reveal the router model.
  • Disabling unused services, for example UPnP, if you do not need it.

Summary

A strong admin password, WPA3 or WPA2, WPS disabled, remote access off and up-to-date firmware. These few steps make your router a much harder target. You will find more context in the article on cybersecurity principles.

Want to secure the network properly, or set up a company router? Get in touch, we will do it for you, also as part of IT support for companies.