Your home network’s security is only as good as the configuration of your router or gateway. Leave it open or vulnerable, and you might end up with freeloaders that hog your bandwidth, at best. At worst, a snoop might take the opportunity to examine your internal traffic, hoping to learn sensitive information about you that can be exploited. To ensure that only approved devices are connected to your network, you can take a few simple steps to strengthen its security, which we explain below. If you can’t access some of these settings in your gateway (the combination modem/router provided by your internet service provider), consider switching off the router part of it and using a dedicated router instead, either of the traditional or mesh variety. Depending on your router’s age, you may need to change both the administrator password (which gives access to the management interface) and also the Wi-Fi password. Older routers usually default to ultra-simple passwords for the administrator account —think “admin” and “password”—and they’re easily found online. You may have also chosen a simple, crackable password when turning on encryption for your network. For both scenarios, choose a new, stronger replacement. The best way to do this is a built-in password generator in a password manager—they’ll be truly random and thus more secure, and the manager will ensure you don’t forget it. (Good free password managers exist, so solid online security doesn’t have to cost you a thing.) For newer routers, they often come with random passwords as default. It doesn’t hurt to change those if your router or gateway has that info printed on them though, particularly if you have less control over who might have physical access to the device. Just be sure to keep track of your new passwords, ideally in a password manager as mentioned. You should always encrypt your network traffic. These days, choose WPA2 for the best security. Older protocols like WPA and the ancient WEP won’t adequately protect you. If your router supports the newer WPA3 protocol, you can try it out—it’s an improvement over WPA2—but all of your connecting devices must support that protocol. Most people can stick with WPA2 for now, and then flip over to WP3 once all devices in the household can also make the leap. When setting up WPA2 encryption, pick WPA2 Personal if given a choice between that and WPA2 Enterprise in your router settings. Also, if you see TKIP and AES as different encryption options, go with AES as it’s much stronger. For older devices that cap out at WPA, consider upgrading your router at last. You’ll get better security, faster speeds, and more features for as little as $50 (or less if you wait for a sale). If you’re on an ancient router that only has WEP, replace it stat. You’re barely one step above having an open network. As for folks who leave encryption off because you want to share your internet with others: We salute your altruism, but don’t let that come back to haunt you. As mentioned above, no encryption means that people can spy on your internet traffic, giving them clues to your activities (including banking). That could lead to troublesome problems down the road. Name your network wisely. It should be something generic but not too common that doesn't reveal your address. A Service Set Identifier (SSID) is the name of a wireless network. That is what you see when trying to connect to a Wi-Fi network: Linksys616, D-Link2289, 555MainSt, We Have No Wi-Fi Here, etc. Because older routers default to ultra-simple or easily cracked passwords, changing the SSID to a non-identifying word or phrase helps thwart hackers looking for low-hanging fruit. Leave it as Linksys, and a savvy snoop may realize you’re running a much older Linksys router with “admin” as the password for router management. If you haven’t changed that password (and most people don’t), your home network is ripe for their exploration. As you move forward in time, many routers use a combination of the manufacturer name and numeric string (often the model number) for the SSID—making it even easier to look up the default admin password. Unless you have a modern enough router that issues random passwords as part of the factory settings, you could be even more vulnerable. So just change the SSID. (Don’t use your address for it, either. No need to make yourself more identifiable.) Note: Years ago, a common recommendation used to be to not broadcast your SSID: that is, keep it hidden from the list of available Wi-Fi networks in your vicinity. But trying to do security through obfuscation doesn’t really work here—it’s been proven that someone can easily discover hidden networks with a wireless spectrum scanner. Since disabling SSID broadcasting also makes it harder for people to join your network, you’re generally better off leaving it visible, using the strongest encryption available to you, and creating a very strong Wi-Fi password. Visit OUR FORUM to learn how to secure your wireless router.