Wireless network routers and access points—as well as many IoT and smart home gadgets—typically come with a built-in web interface that you can access to change the options and configuration settings, like the Wi-Fi password or the DNS settings. Like many other computer applications, accessing it is as simple as knowing the username and password.
These devices ship with default login information so that you know how to access the settings. You need to be able to get into the system in the first place, so you can configure the settings and add a new username and password. The danger in this is not that the usernames and passwords are publicly available but that people don’t change them!
The first thing you should do after getting access to your new router or device is change the default password.
Change Default Passwords
The first step in securing your wireless network and IoT gadgets is the same as the first step for just about everything else in computers and computer networking: change the defaults.
Any attacker can find out what the default password is for a given program or device in just a few minutes. A quick Google search will reveal that information. The defaults may be great for letting you connect and get the device or program up and running quickly, but in order to keep snoopers or would-be attackers out, you must change the defaults as soon as possible.
Often, the default settings are so common that an attacker doesn’t even need to do any research. Many vendors use admin or administrator as the username and something similar for the password. A couple of “educated guesses” and an attacker could infiltrate your device in no time.
Use this guide on changing the default router password to follow along with screenshots.
If those instructions don’t apply to your specific router or device, consider looking through the user manual that came with your equipment, or do a search for the online manual from the manufacturer’s website (like the attackers will do to compromise your device if you don’t change the password).
Tip: It’s vital to use a strong password so that it’s harder to guess. On that note, however, a strong password is also hard to remember, so consider storing it in a password manager application.
Should I Change the Username?
Some vendors don’t provide a means for changing it but if it is possible, you should also change the default username. Knowing the username gives an attacker half of the information they need to gain access, so leaving it as the default one is definitely a security concern.
Since most devices use something like admin, administrator or root for the default username, be sure to pick something more complex. Even adding some numbers or letters to the beginning or end of those defaults makes it tougher to crack than if you left them out.
Hide Your Network
Changing the default username and password of your wireless router or access point is very important but it isn’t the only way you can protect your network from attackers. Another method is to use hide the fact that there’s a network there at all.
By default, wireless network equipment typically broadcast a beacon signal, announcing its presence as far as the signal can reach, and providing key information necessary for devices to connect to it, including the SSID.
Wireless devices have to know the network name, or SSID, of the network they want to connect to. If you don’t want random devices connecting, then you certainly don’t want to announce the SSID for anyone to grab and start guessing passwords for.
Check out this guide on disabling SSID broadcast if you want to further protect your network from your average hacker.