Whether you are setting up and using your home Wi-Fi, or regularly connecting to public Wi-Fi hotspots, there are certain important security considerations that you should know. In this guide, we will walk you through every single Wi-Fi security tip we can think of, to ensure that you are prepared to use wireless hotspots safely – no matter where you connect to them.
How to secure your home WiFi
Nowadays, most homes have a Wi-Fi router set up to provide internet for their devices. Unlike traditional physical networks, a Wi-Fi signal extends beyond the limits of your home and out into the street and neighboring buildings. This can create security risks for your data and any devices connected to the network.
The good news is that there are security protocols and practices available to you that will harden your home's wireless network. Below, we have covered how to gain better control over network access, and how to protect your wireless data as it passes over the network. Check out our guide on how to secure your home network if you need more information about securing your entire network rather than your WiFi connections.
Use the latest WiFi encryption
Depending on how your home's Wi-Fi has been set up, it might be vulnerable to eavesdropping. This means that any personal data passing over the network might be penetrable. It also means that hackers could potentially piggyback on your sessions to inject data or pretend to be you.
The good news is that the vast majority of routers these days provide ample opportunity for setting up the network using robust encryption. Most modern routers provide a number of options for securing data that passes over the network:
- WPA3
- WPA2 AES
- WPA2 TKIP
- WPA
- WEP
- Open Network (no security implemented)
Of the options listed above, we strongly recommend that you set up your home using WPA2 AES (WPA3 is relatively new and is not yet in common use, but will become the primary Wi-Fi security protocol in the future).
To do this, simply access your router's admin panel by entering its IP address into your browser. Following that log in using the admin password and change the encryption settings in the console.
It is worth noting that the AES encryption option often appears in a separate list. Thus, first pick WPA2, and then find the setting for AES to ensure the strongest encryption available to you. (TKIP is no longer considered adequately secure.)
Change your router's admin password
When you purchase a new router – or receive one from your ISP – it will usually come set up with a default admin password. This theoretically makes it easier for a hacker to gain access to your router's settings, which means they could alter the settings to put your network at risk.
By updating your router's credentials to something unique and robust, you ensure that only you can log in to your router's admin console.
To reset the admin password, first access the admin panel from any device connected to the network. You can do this by entering the IP address for the router into your browser. The default password will be in the documentation that came with your router (and can usually be found online if you don't have them).
Once in the admin console, look through the settings for the password settings and update them to something only you know. A robust password will be over 12 characters in length and will contain numbers, symbols, and upper and lower case characters.
Remember that once you have updated your password you will only be able to access the admin panel using this password, so be sure to store it in a safe place – preferably by using a password manager.
Set a robust password for router access
The choice of password for connecting devices to your router can greatly affect the security of your network. If it is easy to guess or brute force that password, somebody living nearby could potentially access your internet for free.
At best, this could cause you to have less bandwidth, slowing your internet down. At worst, it could expose you to severe security threats – and could allow cybercriminals to use your IP address for nefarious purposes.
For this reason, it is vital to ensure that your router password has been set up to be robust. We recommend logging into the router panel to update the original password to something that is in excess of 12 characters in length, and that uses a combination of numbers, symbols, and upper and lower case letters.
Change the network name
In addition to updating the router's passwords, you can also update the name of the network to make it something unique. When routers are manufactured, they often have a default SSID. ISPs often update this default network name to show their name instead.
In either of these circumstances, the SSID can allow a hacker to look up the default admin credentials, which could allow them to gain access to the admin console to mess with your settings. To prevent hackers from being able to get any clues about your router from the default SSID, it is vital to update the network name to something random.
Either way, it is always better to update your home's SSID to something unique. This ensures that a hacker can't compare a default SSID against known default router passwords – to access your router and alter its settings.
Hide your network from public view
In addition to updating the network SSID, it is possible to conceal your network from public view. This is because you don't actually have to broadcast your SSID for the network to still provide you with an internet connection.
When an SSID is hidden, people in the local vicinity can only see that there is a hidden network. Without knowing that network's name, they cannot possibly attempt to connect to it. As with the other settings, you can opt to make a network hidden within the router's admin panel.
Set up a separate network for your IoT devices and visitors
When friends and family visit your home, they will no doubt ask you for access to your network. The good news is that you can set up a secondary network on your router that has a unique password. Allowing friends and family to connect to this secondary network means that they don't have the password to your primary network, and they can't potentially access any of your devices.
This secondary network is also useful for IoT devices such as smart meters, fridges, security cameras, etc.
Many IoT devices have been found to harbor vulnerabilities that can provide an attack vector into your other devices, such as your smartphone or computer.
By ensuring that potentially vulnerable IoT devices are on a completely separate network, you reduce the risk of lateral network movement that could be exploited by cybercriminals. Check out our VPN for IoT devices page for more information about how to protect your home devices.
Restrict network access using MAC addresses
All the devices in your home have a unique MAC (Media Access Control) address. This code identifies them on the local network and can be used to check how many devices are connected to your router in the router's admin panel.
By logging into your router, you can quickly check to see which MAC addresses are connected. If any seem suspicious, and you don't know which device they originate with, you could choose to blacklist that MAC address from being able to connect.
To achieve this, you will usually need to manually input a list of permitted MAC addresses in your router's admin panel. This will limit which devices can connect and prevent unregistered MAC addresses from gaining access.
If, after making the whitelist a device is unable to connect simply add that MAC address to the list. To this end, always make a note of all connected MAC addresses before creating this whitelist – so that you can easily add the MAC address back if it turns out to be a device that you own.
Update your router's firmware
New vulnerabilities and exploits are discovered all the time, and if you don't update your router's firmware, it is possible that your network could become vulnerable to hackers. For this reason, it is vital that you set your router to update automatically – or regularly check for updates manually within the admin panel.
Turn off your router/network
Although this is definitely unnecessary on a day-to-day basis, it is definitely worth considering if you are leaving your home for an extended period of time.
That said, if you are using internet-connected security webcams and other connected devices that you wish to be able to access remotely while you are away, this will not be an option.
If there are no such devices in your home, however, then you can opt to unplug your router while you are away to ensure that your network is not potentially vulnerable to being misused by somebody with access to it.
How to gain security when using Public Wi-Fi hotspots
In addition to the potential security concerns raised by home networks, it is important to consider carefully the risks associated with connecting to public Wi-Fi hotspots.
Unlike a home network which you can set up yourself to ensure it is using the latest encryption and security standards, a public network leaves you at the whim of whoever configured it.
For this reason, it is possible that the data you transmit over a public network is not as well protected as you might hope. Below, we have highlighted solutions designed to tackle these potential risks.
Prevent your device from auto-connecting
When you move around in public, you never know when you are going to encounter an open Wi-Fi hotspot. If you connect to an open network that has been implemented without security, any data that automatically syncs with your apps – such as an email client – could be at risk.
In addition, hackers are known to set up malicious hotspots without security, and automatically connecting to those networks could open you up to data theft.
To prevent this from happening, it is essential that you do not permit your device to connect to networks without first asking your permission. To do this, open your network settings followed by the Wi-Fi preferences, and disable the connect to open networks feature.
Use a VPN
Even public Wi-Fi hotspots you choose to connect to manually can potentially expose you to data risks if the network admin failed to set up the hotspot properly – or the network's security is out of date. In these instances, fellow users attached to the network could potentially intercept your data or piggyback on your sessions.
Cybercriminals are known to set up 'evil twin' hotspots that look legitimate, but are designed to steal your data.
These malicious Wi-Fi points appear in locations such as coffee shops – and are labeled by hackers in such a way that they seem genuine (AirportWiFi, for example).
To ensure that you aren't at risk of having your data stolen when you connect to public Wi-Fi, it is vital that you use a Virtual Private Network. A VPN provides an encrypted tunnel for your data that ensures it is completely secure as it passes over the wireless network and onto the internet. This prevents anybody from being able to intercept your data.
A VPN also provides you with data privacy by preventing Wi-Fi providers such as hotels and airports from being able to track your web visits. This is important because the things you do online might be tracked and sold to data analysis firms for marketing. For more information about this, check out our VPN for public networks article.