The best approach.
If they’re active, you haven’t blocked them. Without knowing exactly what steps you took to try to block them, all I can say is those steps didn’t work.
Let’s look at what you need to do to protect your Wi-Fi connection(s) from abuse.
Become a Patron of Ask Leo! and go ad-free!
Blocking Wi-Fi access
The best way to block unauthorized Wi-Fi access is to ensure your Wi-Fi is password-protected and that any open or guest networks are disabled. Then only give the password to those allowed to use the connection.
A caveat about your router
Your router is not my router, and all routers are different.
What that means is that I don’t have step-by-step instructions to share with you because whatever I pulled together probably wouldn’t work for you and your specific router or access point.
Locate the instructions for your specific equipment to implement the steps below. Fortunately, none of this is esoteric, and most routers and access points make these changes fairly easy.
1. Use a password
The single most important thing you can do is make sure your Wi-Fi access point is configured to use WPA2 (or WPA3) security. Among other things, that means you’ll assign it a password or network key. Only individuals who know the key can then access your Wi-Fi.
Give that password to anyone you want to allow to connect, and don’t give it to anyone else. It’s that simple.
Unfortunately, it’s also not that difficult for the password to “leak”.
For example, anyone with physical access to your Wi-Fi-enabled machine may be able to view the Wi-Fi password used to connect. If you’re in a situation where someone is motivated to do so, then you’ll want to ensure that your machines are properly secured as well.
2. Disable guest or open Wi-Fi
Many routers and access points now provide two separate Wi-Fi connections:
- The “normal” connection you use and secure with your WPA2 password.
- An “open” Wi-Fi connection that could be used by your guests without a password.
The two are isolated from each other so your guests can’t access your equipment or spread malware to your machines.
But they would still be using your Wi-Fi and your internet connection.
Open hotspots like this are easy to find, and anyone within range could connect and start using — or abusing — your network. The only real solution is to turn this feature off completely.
3. A word about MAC address filtering
One of the common responses I get on this topic is to enable MAC address filtering.
Each computer’s network connection, including Wi-Fi, has a theoretically unique MAC address. By configuring your access point to allow connections from only certain MAC addresses, you can, theoretically, exclude everyone else.
Theoretically.
The problem is twofold:
- MAC addresses are not necessarily unique, and can even be changed to specific values in software.
- The MAC address is transmitted in the clear.
A motivated individual need only listen in to a Wi-Fi connection already established with your access point, make note of the MAC address being allowed through, and then change their computer’s MAC address to be one of those allowed.
In practice, it’s a fine approach, mostly because motivated individuals with the knowledge to perform those steps are not common. But it’s important to realize that it could happen.
Do this
If you truly want to prevent unauthorized use of your Wi-Fi, I recommend you:
- Set up WPA2 or WPA3 on your Wi-Fi.
- Disable any open or guest network.
- Secure all computers using that Wi-Fi to prevent the password from being exposed.
Then subscribe to Confident Computing, where I cover topics like this and more. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Related Video
As you wrote Leo, all routers are different.
I am glad to report that our router supports having password protection on our GUEST network, so some readers may also have that option. The password is easily changed after that user is all done.
I am so glad you linked to another of your articles how “to view the Wi-Fi password used to connect ” because I did not know that could be done.
My router also requires a password to access the guest account, so it might not be an uncommon thing.
My router also allows a password to access the guest account, and the same for the several routers I’ve owned from several different manufacturers. I get the impression that this possibility is much more common than rare.
As important to tell readers what to do, i think it is equally important to tell what not to do. A caution NOT to use WEP protocol would be in order here, as WEP can be broken too easily.
The WEP protocol is obsolete. There are even routers, like mine, that no longer allow it’s use.
My router supports WPA2 (which I use), as does the guest account it supports (which can be renamed). I enabled the guest account, renamed it as ‘my_devices’, enabled WPA2 for it, and now I use it for my streaming, and Internet of things devices. Since devices like TVs, Roku/Fire devices, smart-bulbs, Amazon Echo’s, etc. may not be as secure as my PCs, I prefer to keep them separated from the devices I use for banking, shopping, communicating, etc. It just feels safer and more secure to me.
All it took to make these changes was for me to take a bit of time being logged into my router using my web browser and looking over the available settings. I found that if I hovered over a setting with my mouse, a pop-up help dialog would appear explaining what the setting does. As I made changes, I took notes (recording each setting label, its original content, and the change I made, so I’d know what I did later (or if I needed to un-do anything). I use a text editor (e.g.: Notepad) to record this information and save it to a folder (myCustomizations) I keep for such information, naming each file for what I changed (e.g.: _routerChanges.txt). I put the date first, so these files are stored in chronological order.
I hope this helps someone,
Ernie