3 things you should do first when setting up a new Wi-Fi router

iii things you should do first when setting upwards a new Wi-Fi router

A close-up of a generic home Wi-Fi router.

(Image credit: KsanderDN/Shutterstock)

So you've just been given, or given yourself, a brand-new Wi-Fi router for the holidays. What's the first thing you lot should practise?

The reply: In that location are roughly half a dozen "first" things you need to do afterwards you take the router out of the box and plug it in. Merely we'll start with the three most important ones.

1. Change the default admin password

This is not the password y'all demand to get cyberspace admission — we'll go to that in a infinitesimal — simply instead the password you need to get into the router'due south settings and perform other administrative tasks.

In near cases, a brand-new Wi-Fi router will come out of the box with a very uncomplicated manufacturing plant-default admin password like, well, "admin" or "password." And if you don't change that admin password, that might be the unmarried greatest cybersecurity mistake you tin make.

Not only are the default admin passwords easy to guess, simply they're likewise public knowledge. Here and here and hither are websites listing the default admin passwords for meridian router brands like Linksys, Netgear and TP-Link.

If you leave the admin password unchanged, anyone who tin can get on your Wi-Fi network will be able to go into the router'southward settings and change your access countersign, add more than devices to the network or fifty-fifty change the admin countersign themselves to lock you out.

Sophisticated attackers might be able to access your router through the net — more on that below — and, with your admin password, practise whatever they want. They could change your router'south settings to ship you to a simulated bank login page when y'all think y'all're going to the real thing, or load dodgy firmware that hacks your router.

The admin password yous create should be long, stiff and very hard to judge. Yous tin use one of the best password managers to generate and store it, or you can merely use an online countersign generator so write the password down and go on it someplace prophylactic.

Think of it this way: Your habitation Wi-Fi router is the gateway to the internet. If the person who controls that gateway is not you, then someone else has command over what you see and do online.

2. Alter the Wi-Fi access password

This is a bit less of import than the admin one, but you still don't want just whatever jerk passing by to exist able to get on your Wi-Fi network. It's a lot easier to hack a router or other devices on the network if you tin can get on the network itself.

Many newer routers don't have a default access countersign, only instead force you to brand i upwards during the setup procedure. Don't rush information technology creating the password or making information technology something too easy.

Your Wi-Fi access countersign should not be too obvious, merely notwithstanding something you lot'd recollect — non "123456," but maybe a word mixed upward with capital letters, numbers and punctuation marks, like "BullM00se1776!" or some such.

3. Alter the default network name

Many routers will automatically create a network proper noun, or SSID, based on their model name or number. So if you pass by an apartment building and scan for domicile Wi-Fi networks, you'll generally see a number of networks with names that include "xfinitywifi," "linksys," or "NETGEAR."

The danger here is that if an attacker knows what kind of router you lot accept, they tin attack information technology more easily if that router brand is known to take security flaws. And if you're the kind of person who leaves the network name unchanged, chances are you've left the admin password unchanged and have a lousy access password too.

Ideally, you want a Wi-Fi network name that's memorable and unique but doesn't contain your name, address or whatever other personal data. Anything that doesn't contain that information or the router brand should be fine. So go alee and telephone call your network "FBI-Surveillance-Van" — at that place's one on almost every block.

Other router settings you ought to change

Now we'll get into the weeds. These are not the "first" things we'd do when setting up a new router, but if we were setting upward your home network, we wouldn't desire to use the router at all without doing these too.

As with the settings above, you would change these settings in the router's administrative interface, whether that'south through a spider web browser or a smartphone app. But these settings might be buried on a second page or in the "advanced" section; you may have to do some poking effectually to find them.

i. Turn off remote admission to the router

Router makers think you might like to be able to access your home router from your workplace, and they certainly like to brand information technology easy for their own tech-support personnel to practice so when they're fielding your troubleshooting calls.

Only equally Admiral Ackbar might say, it's a trap. Remote access is how hackers and malicious programs locate and assail your router from afar.

They'll browse the internet for routers of specific brands that have remote admission turned on, then attempt each upshot with that brand'southward default admin username and password. Much of the time, they become in and can install malware or change router settings.

2. Plough off Universal Plug and Play

You may not be familiar with the Universal Plug and Play (UPnP) networking protocol, but information technology allows devices on the aforementioned Wi-Fi network to "find" and connect to each other without whatever sort of authentication. Information technology's how a smart-home device tin find and connect to a smartphone over the Wi-Fi network without you having to fiddle with port configurations and connection protocols.

This is all fine and keen if all the activity stays on the local network. But UPnP has been extended and then that more advanced devices, such as gaming consoles or security cameras, can automatically change router settings so that those devices tin have fast ii-fashion connections to the internet.

Hackers dearest this. At that place are at least half-a-dozen dissimilar ways in which UPnP tin be exploited to hack your home Wi-Fi network and the devices inside. Unfortunately, most domicile Wi-Fi routers come up with UPnP turned on by default. Plough it off.

three. Plow off Wi-Fi Protected Setup

Router makers in the mid-2000s decided that entering access passwords was too hard for many people, and then they created two supposedly foolproof methods for getting a device connected to a Wi-Fi network and the internet beyond, and chosen them Wi-Fi Protected Setup (WPS).

If your router has WPS built in, yous can either press a push on the router at the same time you're tapping an icon or pressing a button on the device to exist connected, or you tin can enter an eight-digit security PIN — often printed on a sticker on the dorsum or lesser of the router — in place of the access countersign.

As with UPnP, this sounds slap-up. Only it creates a security nightmare. Anyone visiting your house for whatever reason tin can connect their devices to your network without your permission as long every bit they can physically go their hands on your router for a few seconds. Think of that side by side time you throw a big party.

Meanwhile, that eight-digit WPS security Pin is really 2 PINs of three and four digits each, plus a checksum. That means it's got merely 11,000 possible configurations (not 100 one thousand thousand as it should) and can be easily "beast-forced" by a laptop or smartphone in less than an hour.

So turn off WPS — if you can. Some older or less expensive routers won't let you. (Some newer or pricier routers don't take WPS at all — check for that Pin sticker.)

If you're sure your router has WPS and you tin can't turn it off, then lock the router in a glass or wooden cabinet so that no one else can access it physically without your permission.

4. Plough on automated firmware updates

Automatic firmware updates should exist turned on by default, just it'southward good to make sure that this setting is actually enabled in your router. When responsible router makers notice a vulnerability in their router's firmware, they will issue a patch to seal that potential security breach.

However, if you don't have automated firmware updates enabled, your router won't get this patch on its ain, leaving your network more than vulnerable to attacks. Firmware updates can also ameliorate the performance of routers and add together new features, which is another reason why this setting should be turned on.

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has as well been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He's been rooting effectually in the information-security space for more than than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Telly news spots and even moderated a panel word at the CEDIA dwelling house-technology conference. Y'all can follow his rants on Twitter at @snd_wagenseil.