Here’s why this matters more than people realize. Your router is the single gateway between every device in your home and the wider internet, which makes it the most valuable target in the house and, paradoxically, the one almost nobody secures. Unlike your phone or laptop, which nag you about updates constantly, a router tends to sit silently for years, never touched, never updated, quietly running the factory defaults. Attackers know this. They run automated tools that sweep entire neighborhoods looking for routers with default passwords and outdated settings, because a compromised router is a goldmine — whoever controls it can watch the traffic of every device on the network, redirect you to fake websites, and reach the cameras and computers inside your home. Spending one afternoon here protects everything else you’ve ever done to stay safe online.
Before You Start: Getting Into Your Router (5 Minutes)
Everything you’ll change lives in your router’s admin panel — a settings page you reach through a web browser. Getting in is simpler than it sounds. First, flip your router over and look at the label: it usually lists the default network name, the default Wi-Fi password, and a web address or IP number for the settings page (often something like 192.168.1.1 or 192.168.0.1). Connect a computer or phone to your Wi-Fi, type that address into your browser’s address bar, and you’ll reach a login screen.
That login asks for the router’s admin credentials, which are also usually printed on the label — and which, on far too many routers, are still set to something like “admin” and “admin.” If you got your router from your internet provider, the login may instead be managed through their app or website; if so, that’s where you’ll make these changes. Once you’re in, you’re looking at the control center for your entire home network. Note that menu names vary by brand, so if you can’t find a setting by the exact name used below, search online for “[your router brand] [setting name]” and the manufacturer will usually have step-by-step instructions.
The Afternoon Checklist
1. Change both passwords — yes, there are two
This is the most important step, and the one people get half-right. As the FTC explains, your router actually has two separate passwords, and they do different jobs. The Wi-Fi network password is the one you type to connect a device to your Wi-Fi. The router admin password is the one that logs you into the settings panel itself. Most people change the first and never touch the second — which is a serious mistake, because if an attacker gets into the admin side, they can undo every other protection you’ve set, including changing your Wi-Fi password right out from under you. Change them both, and never make them the same as each other. Avoid any password that includes your name, your address, or your router’s brand.
2. Turn on strong encryption
Encryption scrambles the data traveling over your Wi-Fi so that someone nearby can’t simply read it out of the air. In your wireless security settings, choose WPA3 if your router offers it, or WPA2 (specifically WPA2-AES, sometimes labeled WPA2-PSK or WPA2 Personal) if it doesn’t. Both the FTC and CISA point to these two as the standard. What you must not use is the older WEP or plain WPA — those are outdated and can be cracked in seconds. If those are the only options your router offers, try updating its firmware (step 5) to unlock the newer ones; if WPA2 or WPA3 still don’t appear afterward, your router is too old and it’s time to replace it.
3. Create a strong Wi-Fi passphrase
When you set the new Wi-Fi password, don’t reach for a short, clever one. CISA recommends a passphrase made of five to seven unrelated words, totaling at least sixteen characters — something like a string of random words you’ll recognize but no one could guess. A long passphrase like this is both far harder to crack and much easier to type into a game console or a guest’s phone than a tangle of symbols. Make it unique to your Wi-Fi; don’t reuse a password from any other account.
4. Rename your network
Your network name — the SSID — is broadcast constantly to everyone in range, so be thoughtful about it. Change the default name, because a factory SSID can quietly tell an attacker your exact router make and model, and with it any known weaknesses to target. At the same time, don’t swap in anything personal: no last name, no apartment number, no street address. A neutral, anonymous name that doesn’t identify you or your hardware is exactly right.
5. Update the firmware (the step everyone skips)
Firmware is your router’s built-in software, and manufacturers release updates to patch security holes as they’re discovered. The catch is that, unlike your phone, most routers don’t install these automatically — so an unpatched router can carry years of known, fixable vulnerabilities. In your admin panel, look for “Firmware Update,” “Router Update,” or “System Update,” install whatever is available, and — this is the part that saves you from ever having to remember again — turn on automatic updates if your router offers them. CISA specifically recommends enabling automatic firmware updates wherever possible.
6. Set up a guest network
A guest network is one of the most underrated features on your router, and both the FTC and CISA recommend turning it on. It creates a second, separate Wi-Fi network that gives internet access without granting access to your main network — so devices on it can’t reach your computers, your printer, your shared files, or each other. Use it two ways: give the guest network’s name and password to visitors so they never touch your primary network, and — importantly — put your smart-home gadgets on it too. Those cheap cameras, plugs, and speakers are often the least secure things in your house, and isolating them on the guest network means a flaw in one can’t become a doorway to your laptop.
7. Switch off the risky extras
Routers ship with several “convenience” features turned on that quietly widen your attack surface. The FTC and CISA both advise disabling three of them unless you specifically need them. Remote management lets the admin panel be reached from outside your home — handy for almost no one, and a gift to attackers. WPS (Wi-Fi Protected Setup), the push-button pairing feature, has well-known weaknesses that can be exploited to get onto your network. UPnP (Universal Plug and Play) lets devices open up your network automatically, which can be abused by malware. Find these in your settings and turn them off; you’ll almost certainly never miss them.
8. Place the router somewhere sensible
A small physical step closes the loop. CISA notes that your router should sit in a secure location, not somewhere easily accessible to others — a hard reset button on the device can wipe all your hard work in seconds if a stranger or visitor can reach it. As a bonus, a central, elevated, open spot (rather than a closet or a basement corner) also gives you better coverage throughout the home. Secure and central: the same placement helps both your safety and your signal.
The Afternoon, Step by Step
□ 1. Change the router admin password AND the Wi-Fi password (two different passwords).
□ 2. Set encryption to WPA3, or WPA2-AES if that’s the best available.
□ 3. Make the Wi-Fi password a 5–7 word passphrase, 16+ characters.
□ 4. Rename your network — no defaults, no personal info.
□ 5. Update firmware and enable automatic updates.
□ 6. Turn on a guest network for visitors and smart devices.
□ 7. Disable remote management, WPS, and UPnP.
□ 8. Place the router in a secure, central spot.
Don’t Forget the Smart Stuff
Once the router is locked down, turn your attention to everything hanging off it. The FTC’s guidance on internet-connected devices makes the point that the router is the key to the whole smart home, but each gadget needs attention too. Smart cameras, video doorbells, speakers, plugs, thermostats, TVs — many of them shipped with their own default passwords, and a startling number of people never change them. Go through each connected device and do three things: change its default password to something unique, check that its app or firmware is up to date, and, where you can, move it onto the guest network you just created.
This matters because smart devices are frequently the weakest link in a home network — cheaply made, rarely updated, and easy to overlook. An attacker who can’t crack your laptop might walk in through a five-dollar smart plug instead, and from there move toward the things that matter. Securing the router protects the front door; securing the devices closes the windows.
When It’s Time for a New Router
Sometimes the most secure move is to retire the box entirely. The FTC is straightforward about this: if your router only offers the outdated WEP or WPA encryption and a firmware update doesn’t unlock WPA2 or WPA3, you should replace it. A few other signs point the same way: the manufacturer hasn’t released a firmware update in years (meaning newly discovered holes are never being patched), the router can’t create a guest network, or it’s an aging unit your internet provider handed you a long time ago. A modern router that supports WPA3, gets regular automatic updates, and offers guest networking isn’t a luxury — it’s the difference between a device that defends your home and one that quietly exposes it.
A 10-Minute Tune-Up, Once a Year
The afternoon’s work holds up well, but a network is a living thing — devices come and go, and new vulnerabilities surface. So give yourself a short annual check, tied to something you already do, like the twice-a-year clock change when you test your smoke alarms. Log back into the admin panel and confirm the firmware is current (or that auto-updates are still on). Look at the list of connected devices and make sure you recognize every one of them. And if a device has left your life — an old phone, a former roommate’s laptop — this is a good moment to refresh the Wi-Fi password and reconnect only what belongs. Ten minutes a year keeps the door you just locked from drifting back open.
Signs Someone May Already Be On Your Network
A few symptoms suggest an uninvited guest. An unexplained, persistent slowdown can mean someone else is using your bandwidth. More tellingly, your router’s admin panel includes a list of connected devices — if you scan it and find something you don’t recognize and can’t account for, treat that as a warning. If you suspect anyone has gotten in, the response is the same set of steps you just learned, done with urgency: change both passwords immediately, confirm WPA3 or WPA2 encryption is on, update the firmware, and then watch the device list to be sure the intruder doesn’t reappear. Changing the Wi-Fi password alone kicks every currently connected device off the network, forcing each one to re-authenticate — which is a fast, satisfying way to evict a freeloader.
One Afternoon. Years of Protection.
Your router is the quietest, most important device in your home — the gateway everything else depends on — and it’s almost certainly the one you’ve spent the least time thinking about. The factory defaults that came with it were built for easy setup, not for keeping intruders out, and they stay exactly as risky as the day you plugged it in until someone changes them. That someone is you, this afternoon.
Change both passwords. Turn on WPA3. Build a real passphrase. Rename the network, update the firmware, raise a guest network, and switch off the features you don’t use. None of it requires expertise — just a couple of hours and a willingness to open the settings page once. When you’re done, the front door is finally locked, and every device behind it is safer for it.
Open your router’s settings today. Future-you is already grateful.
This article is for general security education; menu names and steps vary by router. For official, up-to-date guidance, see the Federal Trade Commission and the Cybersecurity and Infrastructure Security Agency, and consult your router manufacturer’s instructions for your specific model.
Leave a Reply