In this article I will take you through setting up your WiFi settings security and configuration before we begin it’s important to note all routers have a different configuration and as such may not have the same interface or GUI, but they all contain similar settings.
First off you need to sign into your Router to begin making changes.
- To do this on Windows 10 right+click the Start Menu and load Command Prompt or Power Shell > type ipconfig press enter > locate Gateway IP address
- On Apple load System Preferences > Network,> Click Advanced Button > Click TCP/IP and locate Router IP
Now that you have located your Gateway IP address open a browser (IE, Firefox, Chrome, Safari) and type in the URL bar at the top, your Gateway/Router IP address.
You will need to login to make changes, most router manufacturers include your login credentials on your router so check the back and bottom for the sticker. If assigned a router/modem from your ISP it is likely to have a similar sticker, such as the default WiFi Password, the username is often cusadmin or admin.
(Note – For those of you using a Wireless Router you purchased can check with the manufacturer website to determine your default password or manual, for those using an ISP supplied Wireless router if you are having trouble signing in for the login information contact your ISP.)
Click the WiFi settings button on the routers main page or the WiFi Settings button, sometimes this is located in Wireless, RF settings, or Advanced Settings areas of the router page, I have included a few different router types in the images above to make it easier.
First off select or type in an SSID broadcast name, this can be any name you wish to give your router access point. It is also important NEVER to hide your SSID broadcast name, some people do this under the false notion that if the broadcast name is hidden no one will guess it and be unable to connect. This is a misconception as most WiFi scanning devices can still detect a hidden broadcast name, it is also worth noting it disables wireless security on many router devices, and any previously connected device will broadcast that hidden SSID name as you drive or walk around unwittingly alerting any potential intruder to an unsecured wireless SSID name.
(Note – It is very important never to use your real name, last name, or phone number.)
Most routers have options for WiFi settings such as, WPA, WPA-2, WEP, and Mixed WPA / WPA-2. The most secure currently is WPA-2 and is widely supported by current WiFi devices, the mode should almost never be anything other than WPA2. The exception is WPA for older WiFi devices which usually are still running Windows XP.
(Mixed modes are acceptable but discouraged, as they can allow access through less secure means.)
By default the router usually assigns a weak password for your WiFi, it is very important to change the default password. The more upper and lower case characters you add the more secure your password will become. There are MANY available bruteforcers on the internet that can easily obtain a WiFi password as most Routers do not / cannot have a connection attempt limit. As such your password should be a minimum of 12 characters both upper and lower case letters and numbers.
Example of Bad Passwords – 6904976 / 9494560 / mywifi / computer
Example of Good Passwords – JuR4L0Id90Hy5Tm3V2s6
(Note – The longer and more complex the password the more likely an attacker will simply give up and move on.)
There are usually two different kinds of encryption for WiFi devices AES and TKIP. Some routers have dual options for both limiting yourself to AES will provide the most secure connections.
Universal Plug’n’Play provides attackers a Huge hole in your network security and should always remain Disabled. It was a means for providing easier connections and it does precisely that.
WPS is a simple one-button connection for WiFi devices such as printers and Wireless Extenders, it also happens to be an amazingly easy way for any attacker to exploit router security and gain a connection. Not surprisingly this setting is now disabled by default on most wireless routers. The generated random numbers used for the connection prove easily fooled from attacker’s perspective.
You can add additional security by enabling MAC authentication however, this often requires you to enter your Router and routinely add new devices. It can be a hassle and only minimally increases your security, its a better idea to use this addition to purposely block MAC address you do not wish to connect to your access point.