Quick Links
Key Takeaways
There are a lot of Wi-Fi security tips that sound great on paper, but don't secure your Wi-Fi network against intrusion. Skip them and focus on these security-enhancing tips and tricks.
Like anything related to computer and network security, quite a few oft-repeated Wi-Fi security tricks don't help at all. Here are the tips and tricks you should avoid and an equal number you should be sure to use.
These Wi-Fi Security Tricks Are Security Theater
Let's start by looking at the tips and tricks that don't do much (or anything) to secure your home Wi-Fi network.
One thing worth noting before we dig in is that not only do these tips do little-to-nothing to make your network more secure, they can make it a hassle for you and everyone else in your household to use the network. So it's best just outright to skip them instead of trying them out with a "Well, it can't hurt, right?" attitude.
Hiding Your Wi-Fi Network Name
If there were an award ceremony for bad security tips, the advice to hide your Wi-Fi network's name (the SSID, or Service Set Identifier) would surely be the lifetime achievement award winner.
The popularity of the tip hinges on how cool it seems, not how effective it is in the real world. At first glance, turning off the SSID broadcast for your router seems like it would put your Wi-Fi router into some sort of stealth mode, like donning an invisibility cloak.
But in reality, turning off the SSID doesn't do anything and only hides your network from people who wouldn't have the skill set to break into your network in the first place. And, worse yet, it just makes it inconvenient to use your own home network.
Changing Your Wi-Fi Network Name
While there's nothing wrong with changing your Wi-Fi's SSID as part of a general refresh of your setup and security settings, just changing it from SomeWirelessNetwork to SomeOtherWirelessNetwork won't do much.
It's about as effective, security-wise, as taking off a name tag at a social mixer and putting a new name tag on. Anybody paying attention won't be fooled.
MAC Address Filters
MAC (Media Access Control) addresses are unique addresses assigned to network interface controllers. The MAC address has been around since the early days of Ethernet---it was part of the Xerox Network Systems networking protocol suite back in the 1970s.
Many routers support a MAC address whitelist (only addresses you add can connect) and blacklist (these devices can never connect). MAC address filtering was never a great security measure in the first place because it's easy to spoof MAC addresses. It's an even less useful tool now that so many devices, like phones and laptops, automatically randomize their MAC addresses to increase user privacy.
So there's no point in using MAC address filtering to secure your home network. You'll waste a bunch of time managing the lists and anyone trying to gain access to your network will just spoof an approved device or bypass your security another way.
Disabling DHCP Assignment
Your router has a function called Dynamic Host Configuration Protocol (DHCP). Every device that connects to the wireless network and the physical Ethernet ports on the router or connected network switches automatically gets a network address assigned with no effort on your behalf.
For as long as there have been DHCP servers, there has been a persistent old wive's tale about how disabling the DHCP server makes your network more secure. At best, it might slow an attacker down by a few minutes. But the trade-off is that you slow down a theoretical attacker by a few minutes in exchange for slowing down your workflow for many, many minutes over the network's lifetime.
Do you know who becomes the DHCP server when there is no DHCP server? You do. It's a huge waste of time to turn off your DHCP server and manually manage every assignment.
Assigning a Static IP to Every Device
There is a time and place for manually assigning a static IP address to devices on your network. If you're self-hosting services, it just makes sense to give your home backup server or a Minecraft server a static IP address so that whatever port forwarding rules you have in place for that service always point to the right thing.
But using static IP address assignments for every single device on your network to increase security is just a hassle with no real benefit. Save the static IP address assignments for the times static IP addresses make sense, like assigning a static IP to a server or to a particular device that inexplicably won't play nice with your router's DHCP server.
Using an Overly Complex Wi-Fi Password
By all means, use a good password for your Wi-Fi router. Don't use your name, your dog's name, "password," "qwerty1234," or other easily guessed or weak passwords.
But barring using a password so short and weak that a child could guess it, your Wi-Fi network likely will not be compromised because of the length of your password (but instead because of vulnerabilities in the hardware, firmware, or encryption standard used).
Wi-Fi passwords can be up to 63 characters long, but practically speaking, there's not much difference between a passphrase like "WiFi Is Awesome!" and "FrK4QgJ#RDnw0e1c3v7F4$8K0%Rf0j" except how much it frustrates you to type the latter into your smart TV using the remote. Whether your Wi-Fi password has enough entropy to require decades of brute-force computation to crack or billions of years of brute-force computation to crack just doesn't matter.
But These Wi-Fi Tips Will Actually Secure Your Network
If the tips in the last section do little-to-nothing to secure your Wi-Fi network, what will? Fortunately, for all the Wi-Fi security tricks of dubious usefulness, there are tips that will actually improve your Wi-Fi security.
Better yet, unlike the pseudo-tips in the last section that make it a hassle to use your Wi-Fi network, these tips will lock things down without giving you (and everyone else in your household) a headache.
If Your Wi-Fi Router Is Ancient, Replace It
Hands down, the biggest home network vulnerability is using ancient hardware. If your Wi-Fi router was released over five years ago, it's time to replace it. It takes about five years or so for Wi-Fi technology to refresh significantly and for manufacturers to stop releasing updates for routers.
If your Wi-Fi router is a mid-2010s model, an update is long overdue. It doesn't support current Wi-Fi standards, it doesn't support the best Wi-Fi encryption, and it likely has permanent vulnerabilities that will never be patched via updates because it hit its end-of-life date years ago.
Security concerns aside, the quality of life improvements that come with updating your router to current Wi-Fi tech is so great we recommend people update their routers even if they don't have super fast broadband and consider an up-to-date router more important than gigabit internet.
We get wanting to save money, but if you want to save money on tech, then do so by using your old iPad for as long as it gets updates or keeping your smartphone for an extra year before upgrading. Don't skimp on your router. The role it plays in managing and securing your network is too important.
Start Fresh with a New SSID and Password
If you're anything like the average person, there is a good chance you've been using the same network name and password for your Wi-Fi router for ages, even carrying it forward to new routers. We get it---if you do that, then you don't have to worry about resetting the Wi-Fi settings on dozens of devices around your home.
But if you're getting serious about Wi-Fi security after a long stretch of not really giving it a second thought, one of the best ways to do that is to start fresh. Setting up your network from scratch is the surest way to kick everyone that doesn't belong off your network and ensure only the devices and people you want have access.
It's a hassle, sure, but if you're taking the time to overhaul the security of your Wi-Fi network, then it's worth doing it right.
Update Your Router's Firmware
Updating your router's firmware is one of the simplest ways to ensure your Wi-Fi network is secure, yet most people buy a router, plug it in, and never update the firmware.
If you've never done so, take a moment to search for your router's model number and see what the firmware update process is. If the manufacturer has current firmware updates, install them. And if the last update was years ago, you should consider upgrading your router.
Use a WPA2-AES or Better Wi-Fi Encryption
At this point, in early 2023, there is no good reason to use deprecated Wi-Fi security standards. WEP, WPA, and WPA2-TKIP are all insecure and should no longer be used. Using older Wi-Fi security standards that can be easily cracked with readily available tools is just asking for trouble.
You should instead use WPA2-AES, which has not yet been deprecated, or, better yet, WPA3 if all the devices on your home network support it.
Set Up a Guest Network
If you're not already using the guest network function on your Wi-Fi router, you should start doing so immediately. Guest networks used to be a fairly uncommon router feature, but now are found on everything from premium to budget models.
Guest networks solve a variety of problems but, most importantly, make it easy to keep your main network secure by handing out what amounts to a temporary password to visitors. When you're setting yours up, be sure to follow this checklist to avoid common issues.
Disable WPS and UPnP
As a general rule, you should disable any features on your Wi-Fi router you are not actively using, especially if those features have known vulnerabilities. Such is the case with both Wi-Fi Protected Setup (WPS) and Universal Plug and Play (UPnP). While they can make setting up devices and services on your home network more convenient, both have known vulnerabilities.
You'll have to log into your router to disable WPS and UPnP (as well as follow the tips above), so while you're in there is a perfect time to review our list of dangerous Wi-Fi router settings and make even more adjustments to lock down your router and home network security.
And remember, you can make choices to better secure an old router, but it's far better to recycle your old router, replace it with something new, and lock down a current router with update-to-date firmware instead.