May 9, 2023
If you are new to WiFi, judging from my experience working with people unfamiliar with smart home technology, it either seems simple or intimidating. Many people leave the setting up of their WiFi in the hands of the ‘cable guy’ who installs their internet and then pretty much forget about it. Others will dive into the settings with what they’ve been told by well-intentioned friends or after watching a YouTube video. Not that there’s anything wrong with either but there are a lot of popular WiFi security tips that simply don’t protect your network against intrusion.
Like anything related to computer and network security, quite a few popular WiFi security tricks don’t help at all. There are a number of them that outwardly make sense that you should avoid however, as not only do these tips do little-to-nothing to make your network more secure, they can make it a hassle for you and everyone else in your household to use the network.
Here are a few of the most popular ones to avoid:
- Hiding Your WiFi Network Name or SSID — This only hides your network from people who wouldn’t have the skill set to break into your network in the first place. And, worse yet, it just makes it inconvenient to use your own home network.
- Changing Your WiFi Network Name — It’s about as effective from a security perspective as changing your name tag at a social mixer. Not to mention all of your connected smart home devices will not be able to communicate anymore.
- MAC Address Filters — This was never a great security measure in the first place because it’s easy to spoof MAC addresses. It’s an even less useful tool now that so many devices, like phones and laptops, that automatically randomize their MAC addresses to increase user privacy.
- Disabling DHCP Assignment — At best, it might slow an attacker down by a few minutes. And at the cost of slowing down your workflow over the network’s lifetime? It’s nothing more than a huge waste of time.
- Assigning a Static IP to Every Device — Using static IP address assignments for every single device on your network to increase security is just a hassle with no real benefit. Save static IP address assignments for devices like servers.
- Using an Overly Complex WiFi Password — By all means, use a good password for your WiFi router. But your WiFi network likely will not be compromised because of the length of your password — instead because of vulnerabilities in the hardware, firmware or encryption standard used.
So what’s the best way to secure your WiFi? There are a number of great, legitimate ways to lock things down without making administrating your WiFi a second job or making it a hassle for everyone else in your household. The following is not an exhaustive list but the top few I’ve run into that really make sense and are easy to support. Of course it’s up to you, think of this as a menu of possibilities, perhaps some things to try, whatever you’re comfortable with.
Without a doubt, the biggest home network vulnerability I’ve run across is using ancient hardware. If your WiFi router was released over five years ago, it’s time to replace it. Just trust me on this one as your 11 year old neighbor kid can download software on the internet and hack your router. Or worse.
It takes about five years or so for WiFi technology to refresh significantly and for manufacturers to stop releasing updates for routers. If your WiFi router is a mid-2010s model, an update is long overdue. It doesn’t support current WiFi standards, it doesn’t support the best WiFi encryption, and it likely has permanent vulnerabilities that will never be patched via updates because it hit its end-of-life date years ago.
Security concerns aside, the quality of life improvements that come with updating your router to current WiFi tech cannot be denied. I generally recommend people update their routers even if they don’t have super fast broadband as an up-to-date router usually has many other benefits. Don’t skimp on your router — the role it plays in managing and securing your network is too important.
There is a good chance you’ve been using the same network name and password for your WiFi router for a long time, even carrying it forward to new routers. I completely understand this as I’ve been guilty of it. And with a large number of smart home devices you don’t have to worry about resetting the WiFi settings on ALL of them.
But if you’re serious about WiFi security, especially after a long stretch of not giving it a second thought, one of the best ways to do that is to start fresh. With our smart home project, Debbie and I will be doing exactly that. But you don’t need to build a new house, it’s just a good idea. Setting up your network from scratch occasionally (like when you buy a new router?) is the surest way to kick everyone that doesn’t belong off your network and ensure only the devices and people you want have access. It can be time consuming to be sure, but if you’re taking the time to overhaul the security of your WiFi network, it’s worth doing it right.
This might also be a great time to set up that guest network on your WiFi if you haven’t already. Check here for the benefits and how to do it right. Guest networks used to be a fairly uncommon router feature, but now are found on everything from premium to budget models. Guest networks solve a variety of problems but, most importantly, make it easy to keep your main network secure by handing out what amounts to a temporary password to visitors.
Updating your router’s firmware is one of the simplest ways to ensure your WiFi network is secure. Unfortunately, most people buy a router, plug it in, and never give it a second thought. If you’re unfamiliar with this or you’ve never done it before, take a second to search for your router’s model number and see what the firmware update process is. If the manufacturer has current firmware updates, install them. And if the last update was years ago, it’s time to get that new router. There is most likely also a configuration on your router to automatically install updates — set it up.
This may be a little deep for WiFi beginners but just trust when I recommend there is no good reason to use WEP, WPA, and WPA2-TKIP security standards on your router. They are all insecure and should no longer be used. Using any of these will only make it easy for your 11 year old neighbor kid to easily hack your router with readily available tools. Instead, use WPA2-AES, which has not yet been deprecated, or WPA3 if all the devices on your home network support it.
As a general rule, you should disable any features on your WiFi router you are not actively using, especially if those features have known vulnerabilities. Such is the case with both WiFi Protected Setup (WPS) and Universal Plug and Play (UPnP). While they can make setting up devices and services on your home network more convenient, both have known vulnerabilities. You’ll have to log into your router to disable WPS and UPnP to lock down your router and home network security.
This may all seem very complicated but ‘An ounce of prevention is worth a pound of cure’ as they say. All of the information needed to take these steps are probably in your router set up instructions or easily Googled. But ultimately, it’s up to you. Securing your network not only protects you but also others as compromised networks can be used to launch vector attacks.
I’d love to hear your feedback if you’re new to network security or an old pro. How are you securing your WiFi network? Did reading realize your router is REALLY old? Did it give you some ideas for adjusting settings on your router?
Let Debbie and I know in the comments, DMs and emails what you think. Thanks again to all those following Debbie and I through our home building journey. It’s great to hear your success stories and suggestions as we move through the process. And if you like the content I’m posting each week, don’t forget to ‘Like’ and ‘Follow.’
In full disclosure, I’m not an affiliate marketer with links to any online retailer on my website. When people read what I’ve written about a particular product and then click on those links and buy something from the retailer, I earn nothing from the retailer. The links are strictly a convenience for my readers.