Jordan Gloor / How-To Geek
Getting a new Wi-Fi router is the perfect time to update your passwords, set up
a guest network, and otherwise secure your router.
You just plugged in your new Wi-Fi router. Now what? Itâs a perfect time to
set things up with best practices right from the start and get the most out of
your faster, better, and up-to-date hardware.
Consider Starting with a Clean Slate
Before we look at individual configuration options, letâs talk about starting
with a clean slate. Itâs tempting to just âcloneâ your old routerâs
settings and do everything as you did before. And trust us, we get it.
Adding a bunch of devices like Wi-Fi cameras and smart home gear back into your
home network is a hassle. And if youâre the tech support person in your
household, you probably want to avoid everyone yelling, âWhy doesnât my
tablet work?!â over the next day or two.
But from a security standpoint, thereâs nothing as good as wiping the slate
clean and starting with a completely fresh network. In fact, itâs the only
surefire way to kick people off your Wi-Fi network and ensure itâs locked
down properly. We know itâs a hassle, but there are some compelling reasons
to start fresh with a new Wi-Fi network name and password.
Configure Your ISPâs Modem/Router Combo
Most of the configuring youâll do when you get a new Wi-Fi router is on the
Wi-Fi router itself, but many people will need to fiddle with their Internet
Service Provider (ISP) supplied gear.
If you previously used your ISPâs combination modem/Wi-Fi router, you must
make two configuration changes for a smooth experience with your new Wi-Fi
router. First, you need to put your ISPâs combo unit into bridge mode. Bridge
mode tells the ISPâs router to stop functioning as a router and start passing
the internet connection to your new Wi-Fi router.
If you donât put your ISP-supplied router into bridge mode, it can cause lag,
connection instability, and other issues that arise from your connection
passing through a Network Address Translation (NAT) process twice. While some
devices will warn you that you have a double NAT problem (the Xbox, for
example, will warn you with the message âDouble NAT Detectedâ in the
network menu), most devices wonât, and youâll be left in the dark as to why
some services just donât seem to work right.
Second, you need to turn off the Wi-Fi radio in the ISPâs Wi-Fi router combo
unit. Some models will automatically disable the Wi-Fi when you put the combo
unit into bridge mode, but many wonât. If you donât disable the Wi-Fi
radio, youâll add Wi-Fi interference and congestion to the same airspace
youâre deploying your new Wi-Fi router.
Update the Firmware
You just unpacked your router and plugged it in, meaning itâs running the
firmware flashed to the device during manufacturing. Itâs likely not
painfully out of date, but itâs a good idea to immediately update the
firmware upon booting the router up for the first time and before messing
around with any other settings.
Not only does updating the firmware ensure any bug fixes and security patches
are applied, but it also ensures your routerâs interface is updated and
matches the manufacturerâs help documents, should you need to reference them.
Enable Automatic Updates
Some people like to keep automatic updates turned off because they carefully
manage their home network in a very hands-on fashion. If youâre the kind of
person that pores over firmware release notes and frequents network forums to
see what issues other hobby network system administrators have with various
firmware updates, then this isnât the tip for you.
But most people fall into the exact opposite camp, which is the camp of never
updating the firmware on their router and running it for years with outdated
firmware and potential security vulnerabilities.
Some newer routers, especially mesh systems like those from Eero and Nest,
automatically update themselves (which is one of the reasons we recommend
people give their parents and other relatives mesh Wi-Fi). But if yours
doesnât, be sure to turn it on so you donât have to worry about checking
for updates in the future.
If your router doesnât support automatic updates, itâs useful to put a
reminder on your calendar to check for firmware updates every few months.
Update the Administrator Password
The administrator password is a frequently overlooked aspect of router
security. Many models still have common default administrator login and
password combinations you can easily guess or look up on the internet. Newer
models might have pseudo-random passwords. In both cases, the password is
almost always printed directly on the label attached to the router.
As such, itâs best to change the default password to something new to ensure
access to your router isnât as simple as trying a common combination or just
reading the login right off the router body.
Enable the Best Wi-Fi Encryption
Modern Wi-Fi devices are backward compatible with older Wi-Fi encryption
standards, but that doesnât mean you should keep using them just because you
used them in the past.
The best Wi-Fi encryption to use is WPA3, but if you have devices on your
network that you canât easily replace or switch to Ethernet, then we
recommend you use WPA2 AES. Unlike earlier Wi-Fi encryption standards that are
now deprecated, WPA2 AES is still considered secure.
Change the Default Wi-Fi Password
Most routers now come with a pseudo-random password set as the default. Like
the admin login and password, that password is usually on a sticker attached to
the router.
While itâs better than the simplistic default administrator passwords all too
many routers still use, your routerâs preset Wi-Fi password is not as random
or secure as you might think.
Switching it out immediately with a better and longer Wi-Fi password distances
you from the security problems inherent with pre-generated passwords and, more
importantly, the password printed right there on the device it is meant to
secure.
Change the Default SSID
While many Wi-Fi routers, primarily mesh routers, will prompt you to enter an
SSID right from the start, plenty of routers on the market come with a default
option.
Itâs not the end of the world to use the default SSID, but the default SSID
almost always telegraphs information about your router. Changing your SSID
wonât deter a competent and determined attacker from gleaning information
about your hardware, but switching from a preset default to something else
never hurts. As always, avoid any identifying information. Switching from a
default SSID of âNetgear98â to âApartment2Aâ is a security downgrade.
Enable the Guest Network
Enabling the guest network right from the start is a great way to avoid dealing
with future hassles and security problems. Why does it matter? Giving someone
the password to your main Wi-Fi network gives them direct access to your entire
home network and everything on it. On the other hand, a guest network is
designed to give people internet access without opening up the whole network to
them.
And using the guest network for guests prevents you from ending up in a
situation where you need to update your Wi-Fi password, but youâre reluctant
to do so because of the hassle of resetting the password on dozens and dozens
of devices. When your reset the guest network password, you can just give the
new one to any guests the next time they come around. Check out these Wi-Fi
guest network best practices when you set up your guest network.
Change Your DNS Servers
You might not think about Dynamic Name System (DNS) servers oftenâor
everâbut you should take a moment to think about DNS when setting up a new
router.
If you donât pick a DNS server, your router will default to using your
ISPâs DNS servers. There are plenty of privacy, security, and speed reasons
to switch from your ISPâs DNS, so you might as well do it while youâre
speed-running this list of best Wi-Fi router practices.
Check Remote Access Is Disabled
Remote access is typically disabled by default, but since youâre already in
the routerâs control panel doing a thorough audit, now is the time to locate
the remote access option and ensure itâs disabled.
Some routers donât have traditional remote access, wherein you can log into
the administrative control panel by connecting to the public IP address of the
router. Platforms like eero and Nest Wi-Fi have cloud-based administration via
their respective apps, so be sure to use a strong password for your account and
enable two-factor authentication when available.
Disable WPS and UPnP
Wi-Fi Protected Setup (WPS) and Universal Plug and Play (UPnP) are two
protocols intended to make setting up devices on your Wi-Fi network and
automatically configuring connections with your router easier.
They do, in fairness, do that. But they also introduced a bunch of security
vulnerabilities. Some routers no longer include WPS, but you should check yours
regardless and disable it. UPnP is still included in routers and is usually
turned on by default, so check for that too and disable it. And if you have
issues with UPnP disabled, you can always manually forward ports for the
services that need them.
Plan for Your Next Router Upgrade
âWoah, woah, woah, I just bought this router!â you might be thinking. And
thatâs a completely fair reaction to seeing us end this list by suggesting
you need to plan to buy another router.
But most people buy a Wi-Fi router and use it until its last dying breath (or
until it becomes so unstable and slow they wish it would just give up the
ghost). The best way to prevent yourself from becoming that person with the
super old, super outdated, and super frustrating Wi-Fi router is to make a
mental note nowâwhile setting up your brand new routerâto replace it.
Better yet, put a reminder on your calendar to revisit the topic.
How soon should you consider a replacement? We recommend people replace their
Wi-Fi routers every 3-5 years. If you want better performance and regular
feature updates, upgrade every three years. If you want to avoid obsolescence
and security problems, upgrade every five. Whatever you do, though, donât
wait until you can check off every item on this list of signs itâs time to
upgrade.
===========================================================
The fb-exchange mailing list
Manage account,
List Page: https://www.freelists.org/list/fb-exchange
Archive: https://www.freelists.org/archive/fb-exchange
To unsubscribe: log onto the List page and select "Unsubscribe".
Administrative contact: insight@xxxxxxxxxxxxxxxxxxxx
===========================================================