Six router settings you should change right now
Protect your device from vulnerabilities.
By Whitson Gordon – popsci.com
Your router is full of features that make it easier to use, but these same properties often make it less secure. Just last week, a vulnerability in the common Universal Plug and Play (UPNP) protocol, which facilitates communication between devices on a network, was used to hack thousands of routers. There’s a good chance your device remains vulnerable to this and many other security holes.
The problem gets worse if you rely on an older router, which may not have patches for recently-discovered vulnerabilities. If you haven’t upgraded your router since the Bush administration, you probably should think about buying a new one soon. In the meantime, these steps will help protect your home network from intruders.
Update your firmware and reset to factory settings
Your computer updates itself automatically, but many routers don’t. Instead, they require you to go through an arduous process to install new firmware. Annoying as it may be, this practice is crucial for good security. So before doing anything else, we recommend you reset your router to factory settings (in case it’s been compromised already) and install the latest firmware.
The process will vary a bit for each router, but here’s the basic gist. Type your router’s IP address into your browser’s address bar (usually something like 192.168.0.1, 192.168.1.1, or 10.0.0.1) and press Enter. If you’re having trouble, check your router’s manual or try one of the IP addresses from this TechSpot list. Enter your username and password to access the router’s web interface—if you don’t know what your login information is, look for it on the side of your router or in your manual. If you still can’t find it, the database at RouterPasswords.com may be able to help.
Once you reach the main interface, poke around the menus until you find the administrative settings. There, you’ll want to do the following things.
- Update the firmware. You may be able to do this with the click of a button, or you may have to go to your router’s support page, download the latest firmware, and manually upload it to your router. While you’re doing this, make note of the date that the firmware came out—if the manufacturer released it a few years ago, that company probably does not support your router anymore, and you may want to upgrade it soon.
- Reset to factory settings. If your router offers to back up your settings, do that now—just in case. Then find the option to restore your router to factory defaults, and click on it. This will erase your settings, but also ensure any previous hacks will no longer compromise your system. If you run into issues setting the router back up from scratch later on, you can always restore from the backup to see what settings you might have forgotten to re-enable.
- Change your password. After restoring your router to factory settings, it’ll go back to using the default password. This is bad, since these codes are easy for anyone to find online. So look for the option to change the router login password. This is not the Wi-Fi code, which we’ll get to in a moment, but the password you use to log into this web interface. This option should be in the same administrative settings as the firmware update you just ran. Create a memorable username and a strong password, and write it down somewhere so you don’t forget—preferably in a secure password manager like LastPass.
If you see an option for automatic updates, enable it. This probably won’t be vital though—many routers don’t have this feature, and the ones that do often have turned it on already.
Set up a strong password
Once you’ve updated your router’s firmware, it’s time to set up your Wi-Fi.
From the router’s web interface, find the Wireless section of its settings, and give your network a name, ideally something unique to you and your household—not just “linksys.” Make sure the password type is set to WPA2 or WPA3, not WEP, which is insecure and incredibly easy to crack. Then enter a strong password and apply your settings.
While you’re in this section, you may be tempted to “hide” your network’s name, or Service Set Identifier (SSID), in an effort to keep it secret from nearby villains. But you shouldn’t do this. Not only are SSIDs kind of a hassle to deal with (some devices don’t properly support hidden networks), but in some cases, your laptop or phone can actually leak that “hidden” name when you’re out and about, making your network less secure. Finding a hidden network is trivial for even the most remedial of hackers anyway, so it’s always best to leave this feature turned off.
Disable WPS, UPnP, and Remote Administration
You’re almost done! As a last step, go through your router’s settings and turn off the following features.
- Wi-Fi Protected Setup (WPS): This feature allows you to connect a new device to your network just by pressing a button and entering a PIN—no password necessary. Sounds convenient, right? Too bad it’s notoriously insecure, and makes it far easier for someone to get onto your network without your permission. Most people don’t use this feature anyway, so you can just turn it off.
- Universal Plug and Play (UPnP): This allows devices to more easily communicate with one another on (and sometimes off) your network. Here is a full explanation of this feature. In summary, while it has its uses, it’s been host to numerous security issues over the years, including the most recent mass router hack. Unless you really need this feature and know your router is getting regular updates, you’re probably better off just disabling it. If certain applications stop working properly after disabling UPnP, look up how to forward their ports manually.
- Remote Administration: Many routers allow you to access their settings page from outside the network. In general, this is not a good idea, and not something most people will need anyway. Turn it off, if it isn’t off already.
Changing all of these settings will take you pretty far, but again, there’s no substitute for a well-made device with up-to-date firmware. If you’ve had the same old router for more than a few years old, its firmware may be forever out of date. Without the latest security patches, it will leave you vulnerable. So, at some point in the near future, you’ll want to upgrade.
If you do go shopping for a new router, consider a system like Eero or Google Wifi. These not only receive regular automatic updates, but also give you better range across your house and let you easily manage your settings right from your phone.