Hi, Leo. I'm a long-time subscriber to your newsletter and always look
forward to receiving it. You've helped me a couple of times in the past and I'm
hoping you can help me again. I'm trying to set up the security on my ISP
supplied router and change the passwords. I've read a lot of your articles on
this and many others but I'm still not sure which passwords to change. I have a
wireless network name (SSID) and a key. I also have a router access username
(unsurprisingly "admin") and a password. Should I change the name of all four
of these or can I change just some subset?
In this excerpt from
Answercast #99 I look at how to change the various usernames and passwords
on a router - and why it's important.
Become a Patron of Ask Leo! and go ad-free!
Change router password
So, the fact that you have all four of them is very good.
There's basically two passwords that you really want to change: There's one
you want to have (because the default is not to have one at all); and
there's one you want to change.
Administration password
The administration password is the password that you supply when you connect
to the router in order to configure it or reconfigure it.
You don't need to change the name. In fact, in many routers, you can't
change the name - so in this case "admin" may very well be what you're stuck
with forever. However, definitely change the password and definitely make sure
it's a good strong password.
Malware targets routers
The reason it's important to change the password is because there is malware
that contains a little database of all of the common default passwords on most
of the popular routers that are currently available. When the malware runs, it
basically goes out to the router and tries to reconfigure it by accessing it
with the default password. If it does, lots of things can go wrong.
It's so easily solved; so easily prevented by simply putting on your own
secure password to the administration screen.
So, that's probably, I won't say it's the most important one - but it is
very important so do that.
WPA Key
The other password you're talking about is the WPA key. In other words, it's
the encryption key for your wireless connection.
That's important for two reasons actually. One is that it prevents people
who don't know the password from connecting to your wireless access point. And
second, it encrypts all of the data that's transmitted between your wireless
access point and the computers using it so somebody couldn't listen in and
understand what all the data is that is being transmitted back and forth.
Default SSID
Now, the SSID, I keep hearing opinions back and forth on [broadcasting] the SSID. I leave it [broadcasting] enabled. I don't bother changing it - it's up to you.
In my case, I do change the SSID [name]. I have four access points here and I want to know which one I'm connecting to. The SSID [name] lets me know which one I'm using.
Changing it doesn't really improve security at all. Disabling its broadcast,
to be honest, really doesn't improve security that much. So do whatever you
like with the SSID. Maybe give it a name that means something to you so that
you know when you're connected to your wireless access point.
But most important is to make sure that you've got a WPA key that each
computer would need to specify in order to be able to connect up
wirelessly.
(Transcript lightly edited for readability.)
Next from Answercast 99- Do I need to be online to perform anti-malware scans or backups?
Minor point: a router may well have more than one SSID/network.
Many routers have “guest” networks so that a guest in your house/office can use your WiFi without knowing your private password. The guest network can also provide added security if it is configured such that it can only access the Internet and not interact with any of the other computers connected to the same router.
High end routers have two internal radios, one on 2.4GHz, the other on 5GHz. These routers may well have a private and guest network for each radio, yielding a total of 4 networks and thus 4 WPA passwords to deal with.
Although these same “high end” routers do have up to four wireless networks available, it is common for most of the newest ones (2013) to have the “guest” wireless networks be “enabled” to turn them on. And though having separate Guest and Regular networks do provide a separation from file sharing/snooping, it does not reduce any chances of bandwidth saturation. If you enable Guest networking but do not include a password, then you are still liable for uninvited use, including possible criminal use, which can only be traced back through your ISP and then to you, not to the actual criminal user. ALWAYS PUT GOOD PASSWORDS ON ALL OF YOUR WIRELESS CONNECTIONS.
The only thing I would say about the SSID is that hackers target routers with default SSIDs because they assume that if you haven’t changed such a simple thing, you will most likely not have changed passwords either. As long as you’ve changed your passwords to something far from default and a strong password (if you’re not sure, there’s multiple password strength meters online) you should be fine, but it’s always worth remembering and it’s nice to customise the SSID anyway.