Home Wi-Fi routers broadcast a network name and require a password to connect. Changing the default password and enabling WPA3 encryption (or WPA2 if unavailable) prevents unauthorized access to your network and protects data traveling across it.
Your Wi-Fi router does something counterintuitive: it shouts your network name (the SSID) into the air constantly so that nearby devices can find it. Anyone within range — neighbors, passersby — can see this broadcast and attempt to connect. The password is the only barrier between your network and unauthorized users. What most people don't realize is that every router ships from the factory with the same default password printed on a label on the back — and these defaults are publicly documented online. Leaving a router on its default password is roughly equivalent to using a master key that anyone can look up.
The password alone, however, only controls who gets in. What protects the actual data traveling across your network is encryption — the process of scrambling data so that even someone who intercepts the radio signal cannot read it. This is where the Wi-Fi security protocol matters. WEP (Wired Equivalent Privacy), the original standard, is now completely broken: it can be cracked in minutes with freely available tools. WPA2 (Wi-Fi Protected Access 2) was the standard for years and remains acceptable, using AES encryption that is computationally difficult to brute-force. WPA3, the current standard, strengthens this further by preventing offline dictionary attacks — even if someone captures the encrypted handshake, they cannot test passwords against it without contacting the router each time, which limits guessing speed dramatically.
Think of the encryption protocol as the quality of the lock on your door, and the password as the key to that lock. A strong lock with a short, simple key (like "password123") is easily defeated. A weak lock — WEP — is breakable regardless of key strength. The combination that matters is a strong protocol (WPA2 minimum, WPA3 preferred) plus a long, random password. Routers let you set both through a web interface typically accessed at 192.168.1.1 or 192.168.0.1 from any browser on your network.
Two additional steps build on this foundation. First, change the router's admin password — this is separate from the Wi-Fi password and controls access to the router's settings page itself. Default admin credentials are also publicly known; an attacker on your network could reconfigure your router entirely if you leave them unchanged. Second, consider disabling WPS (Wi-Fi Protected Setup), the button-press pairing feature. WPS was found to have a severe vulnerability that allows brute-forcing the PIN in hours, bypassing your strong password entirely. Disabling it closes this exposure without any practical cost if you primarily connect devices by entering the password manually.
No topics depend on this one yet.