Virgin Media told me I need to change my router password due to security concerns. Is there anything else I need to do - or can do - to make my router and Wi-Fi more secure? Any advice would be appreciated.
Anthony, via email
Wi-Fi is one of those things that sort of fades into the background of our lives so we don't really think about it. I mean, that's entirely the point, right? That's why a security notification can seem so startling - suddenly we're forced to consider the security of our precious Netflix and Facebook distribution system (or whatever you use the internet for).
Fortunately, there are some things you can do to improve router security. We'll go through some of them now.
1. Change your router username and password
Every provider's router comes with a predetermined username and password - they're typically printed on a label somewhere on the device. Many people stick with this default login, but the standard username and passwords are fairly well-known. To combat this, change them.
The label on your router will tell you how to access your router settings - typically you have to type an address into a web browser. The exact address will vary depending on your router, but it'll look something like: 192.168.0.1 (read our guide on the subject for more information).
From there, you'll be able to change username and password. Just make sure that it's secure and uses a combination of lower and upper case, symbols and numbers - don't use 'password' as a password, for example.
2. Change the network name
By default, your Wi-Fi network will probably have a provider-related SSID - the name that shows up when scanning for connections on a device. For example, if you have Virgin Media, it may look something like 'VM683632'. Alternatively, it may start with the name of your router manufacturer - such as Belkin or Netgear.
One drawback of this is that it tells any would-be attackers the likely type of router you're using, and what type of exploits they can use to get access. Change the name to avoid that problem but just don't use any personal information that can identify you.
For example, I might go with "Awesome-Funky-Cool-WiFi" as a name, but would avoid "Hunky-Duncs-Funky-WiFi". Though I wouldn't use either, as those names are dumb.
3. Change the network password
You'll also have a pre-defined password - usually a random string of letters and numbers - to get devices online. Like your router setting login, these can typically be found somewhere on the router. These are usually fairly secure, but it's good practice to change the details every so often to maximise security.
You can do this by accessing your router settings (see point one).
4. Deactivate WPS
Wi-Fi Protected Setup (WPS) is only available on some routers. It makes it much easier to connect wireless devices to the network - simply push the button marked WPS on the router and you can connect without entering a password.
Some experts have complained that WPS isn't fully secure - particularly if the nefarious types have physical access to your equipment, That's unlikely, of course, but the risk can be fully removed by simply deactivating it in your router settings.
5. Don't broadcast your SSID
By default, most Wi-Fi networks broadcast their names, so you can simply scan for accessible connections on whatever device you're using. One way you can increase security us to stop it doing that (in router settings again). This is obviously more secure, as people won't be able to detect your network, but it does mean your devices won't detect it either. As a result, you'll have to manually type in the network name when you want to connect a new device.
6. Make sure your router firewall is enabled
Many routers have a firewall that can be turned on or off. This essentially acts as a filter for data, letting safe bits through, but blocking unauthorised access. Make sure yours is enabled (router settings again), because while it's not infallible, it is safer on than off. In addition, many internet security tools, such as Kaspersky or Norton, include firewalls of their own, for an extra layer of protection.
7. Update your router's firmware
As with your computer or phone, routers receive updates to improve features, fix problems or increase security. Naturally, it's best to ensure your device is kept fully up to date. Some routers will update automatically, but it's worth going into your router settings regularly to check if there's an update available.
8. Use WPA2
If you are using an older router, you may be using wired equivalent privacy (WPA). This is a security standard that is, unfortunately, susceptible to hacking and should be avoided. Instead, if you have the option, make sure your router is using WPA2 - this is a much more secure security standard. Check the router settings to make sure you're using this option, and if you don't have WPA2 available, consider upgrading your router.
9. Filter MAC Addresses
Every single device you use to connect to your Wi-Fi has a media access control (MAC) address - essentially an ID for that device. If you go into your router settings, you can set your connection to only accept access from devices with approved MAC addresses.
Go into the access control settings (this may vary from router to router, but a Google search should help you find it on yours if necessary), and you should see a list of connected devices, with MAC addresses. You can use this to confirm or deny access as needed.
Alternatively, all devices will list their MAC address in their settings somewhere. For example, on an iPhone, it can be found under Settings > General > About > Wi-Fi settings, and on Android it's in Settings > About > Wi-Fi MAC address. The exact path will vary depending on your Android model, however.
Finally…
Those are just some of the simple things you can do to improve security on your router. Hopefully it proved useful.
We have plenty of other guides too. Why not take a look at:
