My friends often ask me “What’s the most secure router?” or “Which router performs the best?”
My first answer is, “You often get what you pay for,” quickly followed by “But knowing how your router works is the most critical step to good performance and security.“
Hacking a router to get the most out of its capabilities can make a $90 router way more secure and effective than your neighbor’s $400 router left on its factory default settings. You don’t have to be an IT professional to manage router traffic or insure you have a secure WiFi router.
To help you get there, I will cover a few router security and management basics every router owner should know and suggest some settings that you can manage to get the most security and performance from your router.
Opening Your Router Interface
Your router web interface is called a graphic user interface (GUI- pronounced Gooey) is an application that allows you to interact with digital devices without writing commands in machine code or some programming language.
Your router GUI is accessed by opening your browser and entering the router IP address. The router IP address is normally found on a label somewhere on the router, and is usually 192.168.1.1. If that doesn’t work and there is no IP address on your wifi router or documentation, here is how you find it:
- Click the windows START command or icon in the lower left-hand corner of your desktop screen.
- Find the search window and enter CMD. This will open the command prompt window.
- Enter the command “ipconfig.”
- Look for the Default Gateway address: 192.168.#.#
*NOTE: Accessing and changing router settings are relatively similar from one router brand to another but your interface and menus can be arranged somewhat differently than I describe here. This is where your user manual will come in handy. If you don’t have one, they are easily found in a search of the internet.
Router Default Password and Username
After entering the IP address into your browser, you will see the router web interface open with a place to enter your Username and Password. This is the first line of defense for stopping hackers from breaking into your WiFi router.
Routers come with a default router username and password printed on a label that is attached to the router, packing box, and/or manual. Sometimes these are unique to the device but often they are not.
My router default router username is “admin” and the default router login password is “admin.” Every router of this brand (and several others) has the same default credentials.
Regardless of what type of credentials your router defaults to, change them. Change your default router username to something random that someone who knows you well wouldn’t pick as yours and never check the box for the interface to remember you if offered.
You need to change the router default login password to something that is very secure. Password security is determined by length of the password and how many characters are possible in each place.
Take the password “rafterbrewcard” for example. The password has 3 words. UPI reports that the average 20 year old knows around 42000 words. So, a 3-word password has about 40,000 x 39,999 x 39,998 = 6,399,520,000,000,000,000 possible combinations (6.39 Quintillion). Now that sounds secure, but some say these passwords can be hacked by expert hackers in a matter of hours or days.
Well, the fact is, that unless you are a high-ranking government official, a financial institution, or have thousands of people’s social security info on your home or business network, a high-level hacker is not likely to waste time hacking into your WiFi. First, they would have to set up within the radio signal of your WiFi router in order to hack it, and second, your most sensitive and valuable info like bank transactions are encrypted.
When it comes to typical home or business WiFi, protecting your router admin password with a three-word random password will protect you from nosy neighbors or drive-by WiFi theft.
Most people choose passwords that are easy to remember or guess because they don’t want to forget the password. People will often have a favorite password that they use on multiple sites. This is not a good idea. You should never reuse passwords on different sites. Set a unique password for each one.
The best way to remember your password for each site is to employ a password manager. There are safe cloud-based managers that allow you to have one password protected by 2-party authentication that accesses all your other passwords.
Because of my password management software, all my passwords are unique 13-character alpha-numeric, symbol-based passwords for every login including my router and modem passwords. It would take a supercomputer over a year to hack one of my passwords.
If you don’t have a password manager and you forget the password you have given your router, you can hit the factory reset button and use the default router username and password to enter your router interface. Don’t forget to change the default credentials after a default reset.
Changing Router IP Address and SSIID
Your router has 2 main IP addresses. There is the external IP that it uses to communicate with the internet and there are the private IP addresses that are used to help the router communicate with the devices in your network behind the router.
Here we are talking about changing your external IP. Your external IP is normally assigned by your Internet Service Provider (ISP) for a given period of time called a lease and then it will change. This rotation of IP addresses prevents using up all the numbers available by constantly recycling them.
You don’t normally need to change your router IP address but there are a couple of reasons you will want to do this.
You may want to access content that is not available to your IP. For example, if I want to view Netflix content that’s available in a different country, a VPN service like Hotspot Shield or Cyber Ghost will hide or mask my IP address and present a different IP address for a different desired geographical location.
These services run around 3 to 5 dollars per month.
If you need to reset your IP address to resolve a connectivity issue, then you don’t need a VPN service. You can reset router IP addresses by turning off the modem and router for a few minutes and restarting. This technique to set the router IP address is a good troubleshooting technique to repair connectivity issues.
Your SSID is the network name for your WiFi.
For example, when you scan for WiFi networks to sign a device onto the SSID is what shows up in the list of available networks. If you are asking yourself “How do I find my SSID?” Here are some ways.
The default SSID is often found on a label on the router. You can also run a scan for the WiFi. Since proximity is a strong variable in signal strength, the strongest signal is probably the one from your device.
Once you are inside the router settings you will find a place to reset the SSID. You should set this to something unique that does not identify you or your location.
If you have multiple SSIDs, each should have a label that makes it easy to delineate which is which. This will prove helpful for managing them later.
For example, I could name the Cabin WIFI “Mountain Retreat” and my Guest WIFI “Mountain Friends.” You may have multiple channels for 2.4 and 5Mghz that could have SSIDs like Mountain 2.4 or Mountain 5.
Best Channel for WIFI
Dual band routers have a 2.4Ghz channel (the older standard) and a 5Ghz channel. The newer 5Ghz channel isn’t a better channel, just different.
The 2.4 channel, being a lower frequency, will travel farther and through obstacles better. The 5Ghz channel will move data a bit faster but is more prone to signal strength drop over distance and interference from obstacles.
I connect my smart televisions and devices in the farthest point of my home to the 2.4 channel, and my laptop near the router to the 5Ghz.
Here you will also set the level of encryption for the channel. You should choose WPA2 or WPA3 settings and select the AES (Advanced Encryption Standard) Encryption instead of TKIP (Temporal Key Integrity Protocol).
TKIP is no longer considered a secure encryption method and new routers may not even offer the option.
Not all routers have WPA3 available (mine does not). WPA3 was developed to address some router security vulnerabilities that were uncovered by researchers in 2017 that can allow an advanced hacker to monitor WiFi activity. Most manufacturers have released firmware updates to address these issues for routers still using WPA2.
You should periodically check for updates to your device firmware and install them whenever they are available as most updates tend to address new security threats.
Monitoring Traffic on Router and Router Parental Controls
Under the Network Setting section, you should find a menu selection for your LAN (Local Area Network) settings. This will usually display a DHCP Clients table that shows all the devices connected to your network. You will want to check this table from time to time to insure no one is pirating your WiFi.
If you find an unknown device, you can reset your password and then check to see if it returns. It is also good to check with the users on the network to see what devices they are using so you don’t block any valid users.
Not all routers have parental controls but if yours does, you will find a Parental Control or Access Control item in the interface menu. If you are shopping for a router and you have young children, you should make this feature a must-have item.
These controls will allow you to set up a separate SSID for the children and either allow only approved sites (good for very young children) or block certain types of sites (like adult content sites) from being accessed by users.
There is much more to learn about router settings that you may find useful or interesting. I suggest perusing your router interface and doing a browser search on any unfamiliar settings (these articles will often cover the pros and cons of making prospective changes) or look them up in the user manual.
Be careful when making changes and remember what your last change was in case you need to reverse it. Some routers will allow you to create a back up of current settings so one can easily reverse a recent change without going back to the router default settings.
It is good to become familiar with your router manual and will make managing and keeping your network secure easier.