Improve Your WiFi Security

Almost every smart device you use connects to WiFi. Since the data is going through the air, you need strong encryption and a great password in place to help protect it. When these things aren't in place, a bad actor can often easily see the data passing by or gain access to the whole network.

When you connect to a WiFi network, you're connecting with the settings put in place on that WiFi access point or router. When you connect to WiFi in public or at a friend's house, you likely don't have control over those settings. But at home (or if you're a business owner), you probably do! This article is intended to help you to make the changes where you can.

We're going to focus on five of the biggest steps you can take to improve the security of your own WiFi network:

• Set a strong and unique password
• Check the security setting
• Turn off WPS
• Update the software
• Change the device password

The steps we'll cover in this article are pretty easy, and it shouldn't take you long to change them. However, before you can make those changes, you'll need to get access to where these settings are set.

For many folks, this will be your router, but for others it may be the device you know as a modem or an access point. The process will be to connect to that device, log in to it with your device username and password, then adjust the settings.

If you know you have an app on your phone or mobile device that controls your WiFi router, modem, or access point, this may be very straightforward for you. Alternatively, you may know the URL to access your router in your web browser or have it bookmarked somewhere from the day you set it up. You'll just need to open that app or website and look for the settings mentioned in the next steps.

If you don't have a mobile app, or connecting to your router isn't something you've done before, take a look at this great guide from CNET.

You may also find it helpful to use this Router Passwords lookup site if you don't know the default username or password for your router.

Once you are connected and can see your router or access point settings, continue on to the next steps.

Once logged in to your router, modem, or access point settings, you'll need to find the option to change the password for the WiFi network. This is usually near your WiFi network name (or SSID) setting.

Now it's time to generate a strong and unique password. In case you're new to this guide, visit my page all about strong passwords.

For a quick recap, I recommend using a passphrase, and making it totally random and unique. Something that looks like this:

You can create this using either your password manager (see my guide) or Bitwarden's free password generator site. Set it to passphrase and set the length to 5 or more.

Using a short or simple password or passphrase can put your network at risk of easy hacking. Stick to passwords greater than 20 characters and don't use phone numbers, birthdays, or well-known phrases. Use a generator and make it long, strong, and totally random!

Now you'll need to find the setting for network security. Often, this is just called “Security” or could be called something like “Security Protocol.” The current setting will likely look like: WPA, WPA2, WPA3, WPA-PSK, or WEP. This defines the type or strength of the security used to connect you to the network and protect your data as it's moving.

To help make your network more secure, you'll want to update this to WPA2 or WPA3, or a combo like WPA2/WPA3. If it has a 2 and/or 3 next to the letters WPA, you should be good. Just be sure not to use WEP or WPA without the numbers 2 or 3.

If you try WPA3 and find that some older devices can't connect, try changing it to WPA2 or a combo 2/3 option. Modern smart devices should be able to use WPA2.

WPS is a feature that can make it helpful for certain devices to connect to your WIFI network without entering a password. This make connecting things like printers and TVs convenient, but it also can create a hole in your network security.

I recommend turning it off if you are able, and only turning it on if and when you are using it.

Not all routers and modems will allow you to manage the updates, especially those that come from your internet provider, but some more modern devices that you buy and install yourself do. If you have a mobile app where you control your router, you likely have some access to update management.

If you do have access to this setting, check it to make sure you are up-to-date. Run any updates that are available and enable automatic updates, or update notifications, if that is possible on your device.

In some cases, where your router or modem is very out of date, you may be missing the newer security settings like WPA3. Updating will not only keep your device safer, but will sometimes give you more security options.

If you logged in to your router or modem using a default password or one on the bottom of the device, be sure to change it to something strong and unique before wrapping up this session.

To clarify, there should be one password for accessing the WiFi network itself. This is the one you enter on your mobile device when connecting to the network (the one your friends ask for). You already changed that one above.

There is then a second password used to protect your router or modem settings. It's the one you may have used to access the router or modem at the beginning of these steps. That's the one we're referring to here.

On any network where you don't have control of the router or access point settings, you can't directly improve the security. However, you can be aware of the connection and take some steps to improve the safety of your own data.

First, is it an open network you're connecting to? Meaning, does it require a password? If it doesn't require a password to connect, this would be an open network, which is generally a good idea to try to avoid.

Next, did you connect with a strong and unique password? If your friend or hotel gave you something short and easily guessable, this wouldn't be a strong password. So, your data (and their whole network) runs the risk of exposure. I would recommend avoiding these too.

Alternative options include using your own well-secured WiFi hot spot or sticking to your cellular data plan when possible. Or, when the open or unsecured network is the only option around, you can use a trustworthy VPN service to add a layer of encryption to your data as it travels through the air (stay tuned for an article on how I choose these).

Finally, a simple step you can take to help secure all of your web traffic (over WiFi and otherwise), is to make sure you are only visiting HTTPS websites in your web browser. Most browsers make this simple these days, but you usually have to change a setting. Take a look at this guide from EFF on how to set that up.