The best approach.
If they’re active, you haven’t blocked them. Without knowing exactly what steps you took to try to block them, all I can say is those steps didn’t work.
Let’s look at what you need to do to protect your Wi-Fi connection(s) from abuse.
Become a Patron of Ask Leo! and go ad-free!
Blocking Wi-Fi access
The best way to block unauthorized Wi-Fi access is to ensure your Wi-Fi is password-protected and that any open or guest networks are disabled. Then only give the password to those allowed to use the connection.
A caveat about your router
Your router is not my router, and all routers are different.
What that means is that I don’t have step-by-step instructions to share with you because whatever I pulled together probably wouldn’t work for you and your specific router or access point.
Locate the instructions for your specific equipment to implement the steps below. Fortunately, none of this is esoteric, and most routers and access points make these changes fairly easy.
1. Use a password
The single most important thing you can do is make sure your Wi-Fi access point is configured to use WPA2 (or WPA3) security. Among other things, that means you’ll assign it a password or network key. Only individuals who know the key can then access your Wi-Fi.
Give that password to anyone you want to allow to connect, and don’t give it to anyone else. It’s that simple.
Unfortunately, it’s also not that difficult for the password to “leak”.
For example, anyone with physical access to your Wi-Fi-enabled machine may be able to view the Wi-Fi password used to connect. If you’re in a situation where someone is motivated to do so, then you’ll want to ensure that your machines are properly secured as well.
2. Disable guest or open Wi-Fi
Many routers and access points now provide two separate Wi-Fi connections:
- The “normal” connection you use and secure with your WPA2 password.
- An “open” Wi-Fi connection that could be used by your guests without a password.
The two are isolated from each other so your guests can’t access your equipment or spread malware to your machines.
But they would still be using your Wi-Fi and your internet connection.
Open hotspots like this are easy to find, and anyone within range could connect and start using — or abusing — your network. The only real solution is to turn this feature off completely.
3. A word about MAC address filtering
One of the common responses I get on this topic is to enable MAC address filtering.
Each computer’s network connection, including Wi-Fi, has a theoretically unique MAC address. By configuring your access point to allow connections from only certain MAC addresses, you can, theoretically, exclude everyone else.
The problem is twofold:
- MAC addresses are not necessarily unique, and can even be changed to specific values in software.
- The MAC address is transmitted in the clear.
A motivated individual need only listen in to a Wi-Fi connection already established with your access point, make note of the MAC address being allowed through, and then change their computer’s MAC address to be one of those allowed.
In practice, it’s a fine approach, mostly because motivated individuals with the knowledge to perform those steps are not common. But it’s important to realize that it could happen.
If you truly want to prevent unauthorized use of your Wi-Fi, I recommend you:
- Set up WPA2 or WPA3 on your Wi-Fi.
- Disable any open or guest network.
- Secure all computers using that Wi-Fi to prevent the password from being exposed.
Then subscribe to Confident Computing, where I cover topics like this and more. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.