Securing Your WiFi Router
Your Router Is the Front Door
Every device in your smart home connects through your router. It is the single most important piece of security infrastructure you own. If your router is compromised, every device behind it is exposed. Yet most people use whatever router their internet provider gave them, with whatever settings it came with, and never think about it again.
Securing your router takes about 30 minutes and provides the biggest security improvement of anything in this course. Let us walk through each step.
Change the Admin Password Immediately
Your router has two types of passwords: the Wi-Fi password that devices use to connect, and the admin password that gives access to the router's settings. The admin password is the one people forget about, and it is the more dangerous one to leave at its default.
To change it, connect to your router's admin panel. This is typically done by navigating to 192.168.1.1 or 192.168.0.1 in your web browser, though some routers use a different address. Check the label on your router for the exact URL. Log in with the current credentials (often printed on the router's label), then navigate to the administration or system settings section and change the password to something strong and unique.
Use a password that is at least 16 characters long, mixing uppercase and lowercase letters, numbers, and symbols. Better yet, use a passphrase: a string of random words like "correct horse battery staple" that is long and easy to remember but impossible to guess. Store this password in a password manager, which we will discuss in a later lesson.
Set Strong Wi-Fi Encryption
Your Wi-Fi network should be using WPA3 encryption if your router supports it. If not, use WPA2-AES (sometimes listed as WPA2-PSK with AES). Here is what to avoid:
- WEP: This is ancient and can be cracked in minutes. If your router is still using WEP, you need a new router.
- WPA (original): Also outdated and vulnerable. Do not use it.
- WPA2-TKIP: The TKIP cipher has known weaknesses. Always choose AES.
- Open network: No password at all. Never run an open home network.
Your Wi-Fi password should be strong and unique, at least 20 characters. Yes, it is annoying to type a long password when connecting a new device, but you only do it once per device. The security benefit is permanent.
Update Your Router's Firmware
Router manufacturers regularly release firmware updates that patch security vulnerabilities. Most routers do not update automatically by default. Log into your router's admin panel and look for a firmware update section, usually under "Advanced" or "Administration." Check for updates and install any that are available.
Better yet, enable automatic updates if your router supports them. Modern mesh systems like Google Wifi, Eero, and TP-Link Deco update automatically, which is one of the security advantages of upgrading from an older router. If your router is old enough that the manufacturer no longer releases firmware updates, it is time to replace it. An unsupported router is a ticking time bomb.
Disable Features You Do Not Use
Routers come with many features enabled by default that most people never use. Each enabled feature is a potential attack vector. Here are the ones you should consider disabling:
WPS (Wi-Fi Protected Setup): This feature lets devices connect by pressing a button or entering a PIN. The PIN-based method has a well-documented vulnerability that allows brute-force attacks. Disable WPS entirely.
UPnP (Universal Plug and Play): This allows devices on your network to automatically open ports in your firewall. While convenient, it means a compromised device can create pathways for external attackers. Disable it and manually configure any port forwarding you actually need.
Remote management: This allows you to access your router's admin panel from outside your home network. Unless you have a specific need for this, disable it. It is one of the most commonly exploited features in router attacks.
Guest network (maybe): Actually, keep this one, or enable it if it is not already on. We will use it for network segmentation in the next lesson.
Consider Upgrading Your Router
If your router is more than five years old, or if it was provided by your ISP, seriously consider upgrading. Modern routers and mesh systems offer several security advantages: automatic firmware updates, WPA3 support, built-in network monitoring, and often the ability to create separate network segments for IoT devices. Mesh systems from companies like Eero, Google, and TP-Link are particularly good for smart homes because they provide strong coverage throughout your home (important for reliable smart device performance) while also offering good security features.
When shopping for a new router, look for WPA3 support, automatic firmware updates, VLAN or IoT network segmentation support, and active manufacturer support with a track record of releasing security patches. A good router is a one-time investment that protects everything else on your network.