Cloud Hosting

Jordan Gloor / How-To Geek

There are a lot of Wi-Fi security tips that sound great on paper, but don't secure your Wi-Fi network against intrusion. Skip them and focus on these security-enhancing tips and tricks.

Like anything related to computer and network security, quite a few oft-repeated Wi-Fi security tricks dont help at all. Here are the tips and tricks you should avoid and an equal number you should be sure to use.

Lets start by looking at the tips and tricks that dont do much (or anything) to secure your home Wi-Fi network.

One thing worth noting before we dig in is that not only do these tips do little-to-nothing to make your network more secure, they can make it a hassle for you and everyone else in your household to use the network. So its best just outright to skip them instead of trying them out with a Well, it cant hurt, right? attitude.

If there were an award ceremony for bad security tips, the advice to hide your Wi-Fi networks name (the SSID, or Service Set Identifier) would surely be the lifetime achievement award winner.

The popularity of the tip hinges on how cool it seems, not how effective it is in the real world. At first glance, turning off the SSID broadcast for your router seems like it would put your Wi-Fi router into some sort of stealth mode, like donning an invisibility cloak.

But in reality, turning off the SSID doesnt do anythingand only hides your network from people who wouldnt have the skill set to break into your network in the first place. And, worse yet, it just makes it inconvenient to use your own home network.

While theres nothing wrong with changing your Wi-Fis SSID as part of a general refresh of your setup and security settings, just changing it from SomeWirelessNetwork to SomeOtherWirelessNetwork wont do much.

Its about as effective, security-wise, as taking off a name tag at a social mixer and putting a new name tag on. Anybody paying attention wont be fooled.

MAC (Media Access Control) addresses are unique addresses assigned to network interface controllers. The MAC address has been around since the early days of Ethernetit was part of the Xerox Network Systems networking protocol suite back in the 1970s.

Many routers support a MAC address whitelist (only addresses you add can connect) and blacklist (these devices can never connect). MAC address filtering was never a great security measure in the first place because its easy to spoof MAC addresses. Its an even less useful tool now that so many devices, like phones and laptops, automatically randomize their MAC addresses to increase user privacy.

The Best Tech Newsletter Anywhere

Join 425,000 subscribers and get a daily digest of features, articles, news, and trivia.

By submitting your email, you agree to the Terms of Use and Privacy Policy.

So theres no point in using MAC address filtering to secure your home network. Youll waste a bunch of time managing the lists and anyone trying to gain access to your network will just spoof an approved device or bypass your security another way.

Your router has a function called Dynamic Host Configuration Protocol (DHCP). Every device that connects to the wireless network and the physical Ethernet ports on the router or connected network switches automatically gets a network address assigned with no effort on your behalf.

For as long as there have been DHCP servers, there has been a persistent old wives tale about how disabling the DHCP server makes your network more secure. At best, it might slow an attacker down by a few minutes. But the trade-off is that you slow down a theoretical attacker by a few minutes in exchange for slowing down your workflow for many, many minutes over the networks lifetime.

Do you know who becomes the DHCP server when there is no DHCP server? You do. Its a huge waste of time to turn off your DHCP server and manually manage every assignment.

There is a time and place for manually assigning a static IP address to devices on your network. If youre self-hosting services, it just makes sense to give your home backup server or a Minecraft server a static IP address so that whatever port forwarding rules you have in place for that service always point to the right thing.

But using static IP address assignments for every single device on your network to increase security is just a hassle with no real benefit. Save the static IP address assignments for the times static IP addresses make sense, like assigning a static IP to a server or to a particular device that inexplicably wont play nice with your routers DHCP server.

By all means, use a good password for your Wi-Fi router. Dont use your name, your dogs name, password, qwerty1234, or other easily guessed or weak passwords.

But barring using a password so short and weak that a child could guess it, your Wi-Fi network likely will not be compromised because of the length of your password (but instead because of vulnerabilities in the hardware, firmware, or encryption standard used).

Wi-Fi passwords can be up to 63 characters long, but practically speaking, theres not much difference between a passphrase like WiFi Is Awesome! and FrK4QgJ#RDnw0e1c3v7F4$8K0%Rf0j except how much it frustrates you to type the latter into your smart TV using the remote. Whether your Wi-Fi password has enough entropy to require decades of brute-force computation to crack or billions of years of brute-force computation to crack just doesnt matter.

If the tips in the last section do little-to-nothing to secure your Wi-Fi network, what will? Fortunately, for all the Wi-Fi security tricks of dubious usefulness, there are tips that will actually improve your Wi-Fi security.

Better yet, unlike the pseudo-tips in the last section that make it a hassle to use your Wi-Fi network, these tips will lock things down without giving you (and everyone else in your household) a headache.

Hands down, the biggest home network vulnerability is using ancient hardware. If your Wi-Fi router was released over five years ago, its time to replace it. It takes about five years or so for Wi-Fi technology to refresh significantly and for manufacturers to stop releasing updates for routers.

If your Wi-Fi router is a mid-2010s model, an update is long overdue. It doesnt support current Wi-Fi standards, it doesnt support the best Wi-Fi encryption, and it likely has permanent vulnerabilities that will never be patched via updates because it hit its end-of-life date years ago.

Security concerns aside, the quality of life improvements that come with updating your router to current Wi-Fi tech is so great we recommend people update their routers even if they dont have super fast broadband and consider an up-to-date router more important than gigabit internet.

We get wanting to save money, but if you want to save money on tech, then do so by using your old iPad for as long as it gets updates or keeping your smartphone for an extra year before upgrading. Dont skimp on your router. The role it plays in managing and securing your network is too important.

If youre anything like the average person, there is a good chance youve been using the same network name and password for your Wi-Fi router for ages, even carrying it forward to new routers. We get itif you do that, then you dont have to worry about resetting the Wi-Fi settings on dozens of devices around your home.

But if youre getting serious about Wi-Fi security after a long stretch of not really giving it a second thought, one of the best ways to do that is to start fresh. Setting up your network from scratch is the surest way to kick everyone that doesnt belong off your network and ensure only the devices and people you want have access.

Its a hassle, sure, but if youre taking the time to overhaul the security of your Wi-Fi network, then its worth doing it right.

Updating your routers firmware is one of the simplest ways to ensure your Wi-Fi network is secure, yet most people buy a router, plug it in, and never update the firmware.

If youve never done so, take a moment to search for your routers model number and see what the firmware update process is. If the manufacturer has current firmware updates, install them. And if the last update was years ago, you should consider upgrading your router.

At this point, in early 2023, there is no good reason to use deprecated Wi-Fi security standards. WEP, WPA, and WPA2-TKIP are all insecure and should no longer be used. Using older Wi-Fi security standards that can be easily cracked with readily available tools is just asking for trouble.

You should instead use WPA2-AES, which has not yet been deprecated, or, better yet, WPA3 if all the devices on your home network support it.

If youre not already using the guest network function on your Wi-Fi router, you should start doing so immediately. Guest networks used to be a fairly uncommon router feature, but now are found on everything from premium to budget models.

Guest networks solve a variety of problems but, most importantly, make it easy to keep your main network secure by handing out what amounts to a temporary password to visitors. When youre setting yours up, be sure to follow this checklist to avoid common issues.

As a general rule, you should disable any features on your Wi-Fi router you are not actively using, especially if those features have known vulnerabilities. Such is the case with both Wi-Fi Protected Setup (WPS) and Universal Plug and Play (UPnP). While they can make setting up devices and services on your home network more convenient, both have known vulnerabilities.

Youll have to log into your router to disable WPS and UPnP (as well as follow the tips above), so while youre in there is a perfect time to review our list of dangerous Wi-Fi router settings and make even more adjustments to lock down your router and home network security.

And remember, you can make choices to better secure an old router, but its far better to recycle your old router, replace it with something new, and lock down a current router with update-to-date firmware instead.

Best Wi-Fi Router Overall

$260.54 $349.99 Save 26%

$53.99 $79.99 Save 33%

$341.99 $449.99 Save 24%

$349.99 $399.99 Save 13%

$129.99 $179.99 Save 28%

$442.00 $499.99 Save 12%

$38.00 $39.99 Save 5%

Read this article:
6 Tricks That Wont Secure Your Wi-Fi (And 6 That Will) - How-To Geek