6 ways to secure your home Wi-Fi

These days, just about everyone has a broadband connection, and in a residential setup, it’s the job of a wireless router to facilitate that connection. The router connects to the cable modem – or optical network terminal for those fortunate enough to have fiber optic – and then routes traffic to client devices which are requesting data, such as for a web page or a video stream.

With gigs of data passing through a router every day, it’s wise to invest some effort in making sure your router is as secure as possible. Otherwise, you could be in danger of folks logging on to your network wirelessly and stealing bandwidth, which is commonly known as ‘poaching Wi-Fi’ or ‘Wi-Fi squatting’.

In such a scenario, at the very least, you will end up with less bandwidth to work with, and in the worst case, malicious parties might use your connection for illegal downloads which could subsequently be traced back to you. So before you become a victim, check out these six recommended methods to better secure your home network.


1. Strong password

A vital component of wireless network security is the Wi-Fi password. For starters, make sure your network has a password – an open Wi-Fi connection is the equivalent of leaving the front door to your house unlocked and wide open. Of course, these days every modern router has a wireless password enabled out of the box.

However, this is not enough. Attackers can discover and use these default passwords, so they should always be changed. Indeed, it’s good practice to change your password occasionally from time to time, and not keep it the same for years on end.

When choosing a password, you shouldn’t use dictionary words in order to avoid brute force attacks that try common words or combinations of letters/numbers. To be properly secure, a password should be a random combination of uppercase letters, lowercase letters, numbers, and special characters.

In terms of password length, the longer the better is the simple rule. While the recommended minimum length used to be eight characters, good practice these days is to make the password at least twelve characters long.

While concocting these longer, random passwords with the correct combination of characters used to be tedious, there are now websites that can generate random passwords that will fulfill these specifications quickly and easily, such as this one provided by LastPass (opens in new tab).


2. That other password

While we are on the subject of passwords, we shouldn’t forget that alongside the standard Wi-Fi access password, your wireless router is also protected with another password. Namely the router’s login credentials which consist of a username coupled with said password.

By default, this login could well be something painfully simple such as ‘admin’ for the username and ‘password’ for the password, and you should change that to something more secure for obvious reasons (head to your router’s settings page to do so).

Also, while it might seem convenient to reuse the same password you put in place for Wi-Fi access, this is bad practice in just the same way that it’s not a good idea to reuse the same password across multiple websites.

3. Disable WPS

WPS stands for Wi-Fi Protected Setup, and it was designed to make it easier to add new devices onto a wireless network. WPS gets used via two methods: the first is to enter an eight digit PIN code, which is often on a sticker on the bottom of the router, and the second is to physically push a button located on the side of the router.

Not all routers support WPS, and if yours doesn’t, consider yourself fortunate. There is a known security flaw from way back in 2011 that renders WPS insecure and potentially hackable. Furthermore, the push button method is also insecure as while it requires physical access to the router, a visitor to your home can join your network with a simple push of a button, and subsequently be a part of your network forever going forward.

For those who have a router that supports WPS, the fix is quite simple – disable WPS in the router’s settings, and don’t give it a second thought. After all, it really isn’t much more effort to just join the Wi-Fi network via the traditional password.

Guest network

4. Enable guest network

Most folks run a single SSID, with their router broadcasting a single wireless network name. A guest network allows the router to broadcast an additional SSID, thereby segregating network traffic off the main wireless network and onto a separate one. This guest network also needs to have a secure password as explained above.

The guest network can help to secure the entire network. For example, if visitors are on your guest network, they aren’t gaining access to the main network that could have PCs with file sharing enabled – which could be a potential vulnerability.

Another possibility for a guest network is to use this for your smart home devices, as these Internet of Things gadgets are often not kept as up-to-date as computers, and can suffer from more security issues. Therefore by keeping these gadgets segregated from your main network, you’re in less danger from said potential security vulnerabilities.

5. Turn your router off

This may be pretty obvious, but if the router is switched off, there is no wireless signal. Therefore, the wireless network is quite secure (well, technically it’s non-existent).

It isn’t ideal to have to keep switching off or unplugging your router, of course, but some routers allow you to schedule on/off times, such as switching off wireless connectivity during the night.

Router firmware

6. Be vigilant about firmware

The manufacturer of your router will provide security fixes for the device, and these will be delivered via fresh firmware updates. Some routers update firmware on their own, while others need the user to trigger the upgrade via an app.

Unfortunately, some other routers hide the firmware upgrade option in the advanced settings, requiring a manual upgrade using the code from the manufacturer’s support site, where novices are unlikely to find it.

Whatever the process, you should make sure that your firmware always stays bang up-to-date, or your router may be vulnerable to known attacks.

One thorny issue is that really old routers may no longer be supported with firmware upgrades from the manufacturer. In this case, you should probably look at upgrading to a more current supported router. Alternatively, if you don’t want to spend money upgrading, you could turn to an open firmware – assuming the router in question supports it, that is.

Jonas P. DeMuro

Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.