WiFi how and why: Setting up a new router securely

Tech
15
0

CLOSE

Jefferson Graham offers 4 tips on how to protect your home network from a hack on #TalkingTech.

Unpacking, plugging in and configuring a new WiFi router is usually not among most people’s holiday highlights. But if a new wireless hub should be among the presents you take out of a box, spending a few extra minutes changing its default settings (in the same Web interface you use to set it up) can leave you with the lasting gift of a more convenient, more secure home network.

►Change the default admin password. It’s amazing, by which I mean horrifying, that mass-market routers continue to ship with the administrator password set to such obvious answers as “admin” or “password.” Those make it easy for anybody on your network–or any malware infecting a device on your network–to login to the router and start messing with your connection.

Follow USA TODAY Tech on Facebook

You don’t need to change this to some gobbledygook sequence that nobody can remember. You just need something that isn’t so guessable that it tops a worst-passwords list.

►Change the network name. Many routers ship with a network name–often called an “SSID,” short for “service set identifier,” because tech companies can’t resist replacing words in the dictionary with vague abbreviations–that consists of or ends in a randomized string of letters and numbers. 

That won’t help you tell your network apart from those of neighbors if they use the same model (an especially common problem with routers issued by Internet providers). Change this moniker to something a little more memorable.

►Update the firmware. WiFi routers require software updates just like anything else–but they generally have no way of telling you that. So before you get any farther in the setup process, assuming the router hasn’t already prompted you to check, have it get and install the latest firmware. 

If your router’s manufacturer has been on top of security issues, these updates should include a fix for a vulnerability called KRACK that can be exploited by an attacker to get onto your network without a password

►Lock down the network. The encryption that scrambles a WiFi network against snooping attempts comes in multiple flavors. The one you want, and the one that should be selected by default, is WPA2-AES, which stands for “WiFi Protected Access II–Advanced Encryption Standard.”

Your router probably also offers an option called WPS (“WiFi Protected Setup”), which lets other devices on the network if you press a button on the router and press, click or tap the equivalent option on the device right afterwards. WPS can help setting up devices that, like wireless printers, lack real keyboards with which to enter a password. But it’s not terribly secure; once you’ve got those gadgets on the network, disable this option. 

Don’t forget that you can connect nearby devices via Ethernet cables for a password-free setup that will also be immune to the wireless hiccups that can impede watching streaming video over WiFi. 

►Set up a guest network. Your router can almost certainly host a guest network signal that provides access to the Internet but not your own computers. Enable this, give the guest network a simpler name and a password, and you can then hand that out to houseguests, babysitters and anybody else who might need an Internet connection but doesn’t require tapping into your printer or any shared drives. 

►Install its mobile app, if available. Many router vendors ship phone or tablet apps that you can use to check and configure their settings. They’re worth installing because it’s easier to check a wireless setting around the home from a mobile device than from a laptop–and because they just might show a little more attention to usability than the Web router-settings page you just spent 15 minutes clicking around.

More: How to tell if net neutrality repeal is why your Internet is slower

More: You’re buying a 4K TV. How much Internet bandwidth do you need?

Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at rob@robpegoraro.com. Follow him on Twitter at twitter.com/robpegoraro.
 

Facebook Comments

Comments are closed.