I Thought My Wi-Fi Was Secure—Until I Checked My Router’s Settings

If you think picking a complicated password is all the protection your Wi-Fi needs, think again. I thought my Wi-Fi was secure—until I really checked out my Wi-Fi and router settings.

5

Check Your Encryption

Encryption is one of the most critical router settings for protecting your Wi-Fi’s security. WPA3 is the most secure, but most routers will set the encryption to WPA2 by default to maximize device compatibility. However, WPA2, launched in 2004, is riddled with security vulnerabilities, especially if you’re on a public Wi-Fi network.

WPA3 is the newer, better-protected Wi-Fi encryption protocol. It offers enhanced protection against man-in-the-middle (MITM) attacks and much better encryption between your device and the router. WPA3 also fixes most of the biggest security issues with WPA2 and should be your default choice for Wi-Fi encryption, whether you’re setting up the Wi-Fi at your house or workplace.

The only problem is that it isn’t entirely compatible with WPA2, meaning older devices won’t be able to connect to a WPA3-exclusive network. However, to fix this issue, most routers should have a mixed encryption setting that provides the security benefits of WPA3 while retaining WPA2 compatibility. If a mixed mode isn’t available, make sure to use WPA2-AES, which offers much more security than WPA2-TKIP.

4

WPS Needs to Go

A strong password is hard to remember and even harder to share when adding another device to the network. This is where Wi-Fi Protected Setup (WPS) comes in handy. The feature lets you authenticate devices on your network with the push of a button, with no need for annoying passwords.

As good an idea as WPS is on paper, it has security vulnerabilities that can let hackers gain access to your Wi-Fi network. It also uses a PIN, which is rather easy to brute force, meaning hackers have an easy, remote way to access your network (with tools like Reaver, which are designed to attack WPS remotely).

The Wi-Fi Alliance, responsible for setting Wi-Fi standards, has since deprecated the feature in favor of Wi-Fi Easy Connect. Easy Connect uses an encrypted channel to send credentials from a router to a device requesting to connect to the network and isn’t as susceptible to external hijacking attempts.

Most modern routers have WPS disabled by default. If you’re using an older router, especially one that has reached its end-of-life stage, you should check your settings and disable WPS if it is still enabled.
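To confirm what your router is actually broadcasting after you change the encryption and WPS settings above, you can scan from a Linux machine with `iw dev <iface> scan` and audit the output. The script below is an added example, not part of the original article; the sample scan text is constructed, and it assumes personal-mode (PSK/SAE) networks.

```python
import re

# Constructed, abridged sample in the layout `iw dev <iface> scan` prints.
SAMPLE = """BSS 02:00:00:00:00:01(on wlan0)
\tSSID: home-mixed
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK SAE
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: old-router
\tWPA:\t * Version: 1
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP TKIP
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
"""

def field(section, name):
    """Return the space-separated values of one '* name: ...' line as a set."""
    m = re.search(r"\* %s: (.*)" % re.escape(name), section)
    return set(m.group(1).split()) if m else set()

def classify(block):
    """Map one BSS block to the encryption tiers the article names."""
    rsn = re.search(r"^\tRSN:(.*(?:\n\t\t.*)*)", block, re.M)
    rsn = rsn.group(1) if rsn else ""
    akms, ciphers = field(rsn, "Authentication suites"), field(rsn, "Pairwise ciphers")
    sae, psk = any("SAE" in a for a in akms), any("PSK" in a for a in akms)
    legacy_wpa = bool(re.search(r"^\tWPA:", block, re.M))  # original WPA element
    if sae:
        return "WPA3/WPA2 mixed" if psk else "WPA3"
    if psk and ciphers == {"CCMP"} and not legacy_wpa:
        return "WPA2-AES"
    return "weak or legacy"

def audit(scan_text):
    """Return {ssid: (encryption tier, WPS advertised?)} for every BSS."""
    report = {}
    for block in re.split(r"^BSS ", scan_text, flags=re.M)[1:]:
        ssid = re.search(r"^\tSSID: ?(.*)$", block, re.M)
        wps = bool(re.search(r"^\tWPS:", block, re.M))  # WPS element in the beacon
        report[ssid.group(1) if ssid else ""] = (classify(block), wps)
    return report

if __name__ == "__main__":
    for ssid, (tier, wps) in audit(SAMPLE).items():
        print(f"{ssid}: {tier}; WPS advertised: {wps}")
```

Any network of yours that comes back as "weak or legacy", or with WPS advertised, still needs the router settings described above changed.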

3

Disable Remote Access

Many routers offer remote admin access, letting owners change router settings outside the local Wi-Fi network. However, unless you have a specific requirement for remote access, I’d recommend toggling this setting off.

Disabling remote access makes your Wi-Fi more secure as it removes a possible entry point for hackers. How secure your remote access feature is depends largely on your specific router and manufacturer software. Some consumer or ISP-provided routers don’t offer appropriate remote access security or have vulnerabilities that allow hackers to abuse the feature to gain access to your Wi-Fi router. This is one of the biggest reasons why I changed my ISP-provided router.

2

UPnP Is a Security Nightmare

If you play online games, I’m sure you’ve come across problems due to closed network ports. The programs on your PC use these ports to communicate with a specific service or server. However, these ports can also let hackers get inside your system.

Universal Plug and Play (UPnP) is a feature that automatically opens ports on your router for different devices and programs. As convenient as it sounds, this is exactly why you should disable UPnP on your router.

A hacker can exploit this automatic port opening (or forwarding) to access your router (and network) or make it part of a botnet. For example, UPnP has been exploited in real-world malware attacks like Mirai, which turned vulnerable devices into part of a massive botnet used for enormous DDoS attacks. UPnP also makes your network weaker from the inside. It doesn’t have any authentication mechanism to check devices or the ports it opens, meaning any device from within your network can open any port, leading to a potential data breach.

1

Stay on Top of Updates

Last but not least, router updates are important in keeping your Wi-Fi network secure. Most people will plug in their routers and use them until they get a new one. Don’t be most people.

New vulnerabilities and exploits are often discovered, affecting entire router model lineups. This means that even if your router was secure when you bought it, a new vulnerability might turn it into a security risk. To remedy this, manufacturers often release security patches. Sometimes, you might even see bug fixes, feature updates, and more.

Updating a router isn’t always a simple one-click task. While some routers have a button to check for firmware updates, you’ll likely have to manually download the update file and upload it to your router. Regardless, router firmware updates bring important security and feature improvements and should be installed as soon as possible.
