We use a D-Link 2.4 GHz router, about 7-8 years old, for our home LAN. I
read recently we ought to change passwords occasionally on the router. But I
also had the thought that it might be time to upgrade. Any recommendations?
This question gets my standard answer #2: it depends.
It depends on things like having ever changed your password and whether or
not you’re using wireless access to your network, and if so, what kind of
encryption you’re running.
And yes, there’s a scenario where an upgrade might be called for, but it’s
not age-related, it’s about capability.
Become a Patron of Ask Leo! and go ad-free!
First off, let me ask this: have you ever changed your router’s
administrative password? If you answered “no”, then go change it now.
The default password for most routers is something that’s very easy to
either just know or to look up. The reason you want to change it is that there
actually attempt to access your router. Knowing the administrative password, if
you’ve never changed it, that software can then reconfigure your router to
disable many of its firewall characteristics and allow more serious malware to
infect your system.
So you should change your router’s password at least once. That was
How often kind of depends.
In most cases, in my opinion, you never need to change it again. As long as
it’s not the default there’s rarely a reason to change it.
However … (and there’s almost always a “however”)
The “problem” with most router admin login security is that it’s
You’ll note that you don’t (and can’t) use “https” to login
to your router, only http. That means the traffic can be monitored by anyone on
your network, and if they want, they can see the password that’s being used to
login to your router.
The good news is that most networks are “closed”, meaning that you probably
only have your own machines on the network, or machines that you implicitly
trust. In addition, you probably don’t access your router’s administrative
interface that often, so the login password isn’t actually being transmitted
very often for it to be visible in the first place.
The bad news is that many people have what they think are closed networks
that are really open and to which anyone can connect.
Those are folks with unencrypted wireless connections or wireless
connections using WEP encryptions. Any computer within signal range can connect
to these networks and may be able to monitor the traffic on your network.
That includes the router admin traffic if that’s done wirelessly as well.
WEP encryption? Isn’t that supposed to be secure? It was, but not any more.
In fact I recently heard someone say that it’s now often quicker to crack WEP
security than it is to try and type in the password that’s been used. The
bottom line is that WEP is broken and practically equivalent to no encryption
at all. WPA encryption, on the other hand, is secure.
So there’s my upgrade recommendation:
If you use WiFi on your network
… and the router or access point does not support WPA encryption
… and you’re in a situation where you don’t control who could be in range
of your wireless network
… then you need to upgrade either your router or access point (and perhaps
even your computer’s WiFi hardware) to equipment that supports WPA. Or I
suppose you could stop using WiFi.
Now, if you must operate an open WiFi hotspot – say you’re an
internet cafe owner – then you’ll not only need to make sure your router has a
non-default password, but you’ll also need to make sure that you never
change or access it using a wireless connection yourself. Changing your
router’s password or even accessing the admin interface using your wireless
connection could expose the password to anyone in range who might be listening.
Instead, make a wired connection to your router and administer it via
But after all that, I still don’t really see a reason to then change the
router’s password periodically. It doesn’t hurt, I suppose, but I’m not sure I
see a real benefit as long as it’s been changed at least once. If you’ve
discovered that you’ve accessed your router via an insecure and sniffable
route, then you might want to consider changing it (via that secure, wired
And as long as your router is working for you and meets the WPA requirement
if that applies to your situation, I see no real reason to upgrade either.