Your Neighbor Probably Knows Your WiFi Password
A few years ago, a friend called me in a panic. Someone had been using her internet connection to download pirated movies — she found out when her ISP sent a copyright warning to her address. She hadn't shared her password with anyone. But her network was named "Linksys" and the password was still "admin."
That's not a rare horror story. That's Tuesday.
Most home routers ship from the factory with default credentials that are publicly listed online. Anyone parked outside your house with a phone can try them in thirty seconds. If you've never touched your router settings, there's a real chance your network is still running on those defaults right now.
Here's the thing nobody tells you: securing your home WiFi isn't about becoming a tech person. It's about doing five specific things once and mostly forgetting about it.
First, Get Into Your Router
Your router is the physical box that your internet provider gave you — or that you bought at a store. It has a small admin panel you can access from any browser. Type 192.168.1.1 or 192.168.0.1 into your browser's address bar (not a search engine — the address bar). One of those will almost certainly work.
You'll see a login page. If you've never changed it, the username and password are probably both "admin," or "admin" and "password." Your router's manual or the label on the bottom of the device will tell you the exact defaults.
Once you're in, don't panic. You only need to change a few things.
Change the Admin Password First — Not the WiFi Password
This is the counterintuitive one. Most people, when they think about router security, immediately change their WiFi password. That matters, but it's not the most important step.
The admin panel is where someone could actually take over your network — redirect your traffic, install firmware, lock you out entirely. According to the Cybersecurity and Infrastructure Security Agency (CISA), default passwords on routers are one of the most exploited vulnerabilities in home networks. Change the admin login to something you'd use for a bank account — long, random, and written down somewhere physical if you need to.
Your WiFi password matters too, obviously. Make it at least 16 characters. A phrase works well: "BlueDogRainyTuesday9" is harder to crack than "P@ssw0rd1" and easier to type on a TV remote.
Turn Off WPS Immediately
WPS stands for WiFi Protected Setup. It's the button on your router that lets you connect a device by pressing a physical button or entering an 8-digit PIN instead of typing a password.
It sounds convenient. It's a known security hole.
The PIN-based version of WPS can be cracked in hours using freely available tools. According to NIST's guidelines on wireless security, WPS PIN authentication should be disabled on any network handling sensitive data. In your router settings, find "WPS" and turn it off. You will not miss it.
Encryption Settings Actually Matter Here
While you're in the settings, look for something called "Security Mode" or "Wireless Security." You want it set to WPA3 if your router supports it, or WPA2 as a fallback. If you see WEP or WPA (without the 2 or 3), that's outdated encryption that can be broken in minutes with a laptop.
Most routers sold in the last five years support WPA2 at minimum. If yours doesn't, that's genuinely a reason to consider replacing it — an old router is less a security tool and more a welcome mat.
Set Up a Guest Network for Everything Else
Here's where most guides stop, and where you should keep going.
Your home network probably has a lot on it: your laptop, your phone, your smart TV, maybe a doorbell camera or a thermostat. Those smart devices are often made by companies with poor security track records. A vulnerability in your smart lightbulb shouldn't be a pathway to your laptop.
Most modern routers let you create a "guest network" — a separate WiFi with its own password that can't see the main network. Put all your smart home devices on it. Put guests on it. Keep your computers and phones on your main network. This is called network segmentation, and it's not a technical concept — it's just keeping your stuff in separate rooms.
Your Router Needs Updates Too
Your phone nags you about updates constantly. Your router sits there silently, often running firmware from the year it was manufactured.
Router firmware updates patch security vulnerabilities. Some newer routers update automatically, but many don't. Log into your admin panel every few months and look for a "Firmware Update" option. It usually takes three minutes. It's one of the most overlooked things in home security.
The Name of Your Network Is Not Harmless
Naming your network "Johnson Family WiFi" or "123 Maple Street" tells anyone scanning nearby networks exactly whose it is and potentially where you live. That's unnecessary information to broadcast.
Name it something generic and boring. "Network5" or "HomeWifi2" tells an attacker nothing useful. This won't stop a determined person, but there's no reason to make yourself the easiest target on the block.
One Honest Limitation
Everything above will meaningfully improve your security against opportunistic attacks — the neighbor trying default passwords, the casual snoop at a coffee shop who stumbles onto your network, the script running automated credential checks.
It will not protect you from a targeted attack by someone with real technical skill and a specific reason to get into your network. That threat requires professional infrastructure — enterprise firewalls, intrusion detection systems, network monitoring. A home router, no matter how well configured, has a ceiling. Know what you're defending against: most of us face low-sophistication, high-frequency threats, and these steps handle those well.
Sources:
- Cybersecurity and Infrastructure Security Agency (CISA)
- NIST