Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What password should I change on my router for security?

Question:

Hi, Leo. I’m a long-time subscriber to your newsletter and always look
forward to receiving it. You’ve helped me a couple of times in the past and I’m
hoping you can help me again. I’m trying to set up the security on my ISP
supplied router and change the passwords. I’ve read a lot of your articles on
this and many others but I’m still not sure which passwords to change. I have a
wireless network name (SSID) and a key. I also have a router access username
(unsurprisingly “admin”) and a password. Should I change the name of all four
of these or can I change just some subset?

In this excerpt from
Answercast #99
I look at how to change the various usernames and passwords
on a router – and why it’s important.

Become a Patron of Ask Leo! and go ad-free!

Change router password

So, the fact that you have all four of them is very good.

There’s basically two passwords that you really want to change: There’s one
you want to have (because the default is not to have one at all); and
there’s one you want to change.

Administration password

The administration password is the password that you supply when you connect
to the router in order to configure it or reconfigure it.

You don’t need to change the name. In fact, in many routers, you can’t
change the name – so in this case “admin” may very well be what you’re stuck
with forever. However, definitely change the password and definitely make sure
it’s a good strong password.

Malware targets routers

The reason it’s important to change the password is because there is malware
that contains a little database of all of the common default passwords on most
of the popular routers that are currently available. When the malware runs, it
basically goes out to the router and tries to reconfigure it by accessing it
with the default password. If it does, lots of things can go wrong.

It’s so easily solved; so easily prevented by simply putting on your own
secure password to the administration screen.

So, that’s probably, I won’t say it’s the most important one – but it is
very important so do that.

WPA Key

The other password you’re talking about is the WPA key. In other words, it’s
the encryption key for your wireless connection.

That’s important for two reasons actually. One is that it prevents people
who don’t know the password from connecting to your wireless access point. And
second, it encrypts all of the data that’s transmitted between your wireless
access point and the computers using it so somebody couldn’t listen in and
understand what all the data is that is being transmitted back and forth.

Default SSID

Now, the SSID, I keep hearing opinions back and forth on [broadcasting] the SSID. I leave it [broadcasting] enabled. I don’t bother changing it – it’s up to you.

In my case, I do change the SSID [name]. I have four access points here and I want to know which one I’m connecting to. The SSID [name] lets me know which one I’m using.

Changing it doesn’t really improve security at all. Disabling its broadcast,
to be honest, really doesn’t improve security that much. So do whatever you
like with the SSID. Maybe give it a name that means something to you so that
you know when you’re connected to your wireless access point.

But most important is to make sure that you’ve got a WPA key that each
computer would need to specify in order to be able to connect up
wirelessly.

(Transcript lightly edited for readability.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “What password should I change on my router for security?”

  1. Minor point: a router may well have more than one SSID/network.

    Many routers have “guest” networks so that a guest in your house/office can use your WiFi without knowing your private password. The guest network can also provide added security if it is configured such that it can only access the Internet and not interact with any of the other computers connected to the same router.

    High end routers have two internal radios, one on 2.4GHz, the other on 5GHz. These routers may well have a private and guest network for each radio, yielding a total of 4 networks and thus 4 WPA passwords to deal with.

    Reply
  2. Although these same “high end” routers do have up to four wireless networks available, it is common for most of the newest ones (2013) to have the “guest” wireless networks be “enabled” to turn them on. And though having separate Guest and Regular networks do provide a separation from file sharing/snooping, it does not reduce any chances of bandwidth saturation. If you enable Guest networking but do not include a password, then you are still liable for uninvited use, including possible criminal use, which can only be traced back through your ISP and then to you, not to the actual criminal user. ALWAYS PUT GOOD PASSWORDS ON ALL OF YOUR WIRELESS CONNECTIONS.

    Reply
  3. The only thing I would say about the SSID is that hackers target routers with default SSIDs because they assume that if you haven’t changed such a simple thing, you will most likely not have changed passwords either. As long as you’ve changed your passwords to something far from default and a strong password (if you’re not sure, there’s multiple password strength meters online) you should be fine, but it’s always worth remembering and it’s nice to customise the SSID anyway.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.