Helping people with computers... one answer at a time.

Routers have several usernames and passwords. One is very important to change for network security.

Hi, Leo. I'm a long-time subscriber to your newsletter and always look forward to receiving it. You've helped me a couple of times in the past and I'm hoping you can help me again. I'm trying to set up the security on my ISP supplied router and change the passwords. I've read a lot of your articles on this and many others but I'm still not sure which passwords to change. I have a wireless network name (SSID) and a key. I also have a router access username (unsurprisingly "admin") and a password. Should I change the name of all four of these or can I change just some subset?

In this excerpt from Answercast #99 I look at how to change the various usernames and passwords on a router - and why it's important.

Change router password

So, the fact that you have all four of them is very good.

There's basically two passwords that you really want to change: There's one you want to have (because the default is not to have one at all); and there's one you want to change.

Administration password

The administration password is the password that you supply when you connect to the router in order to configure it or reconfigure it.

You don't need to change the name. In fact, in many routers, you can't change the name - so in this case "admin" may very well be what you're stuck with forever. However, definitely change the password and definitely make sure it's a good strong password.

Malware targets routers

The reason it's important to change the password is because there is malware that contains a little database of all of the common default passwords on most of the popular routers that are currently available. When the malware runs, it basically goes out to the router and tries to reconfigure it by accessing it with the default password. If it does, lots of things can go wrong.

It's so easily solved; so easily prevented by simply putting on your own secure password to the administration screen.

So, that's probably, I won't say it's the most important one - but it is very important so do that.

WPA Key

The other password you're talking about is the WPA key. In other words, it's the encryption key for your wireless connection.

That's important for two reasons actually. One is that it prevents people who don't know the password from connecting to your wireless access point. And second, it encrypts all of the data that's transmitted between your wireless access point and the computers using it so somebody couldn't listen in and understand what all the data is that is being transmitted back and forth.

Default SSID

Now, the SSID, I keep hearing opinions back and forth on [broadcasting] the SSID. I leave it [broadcasting] enabled. I don't bother changing it - it's up to you.

In my case, I do change the SSID [name]. I have four access points here and I want to know which one I'm connecting to. The SSID [name] lets me know which one I'm using.

Changing it doesn't really improve security at all. Disabling its broadcast, to be honest, really doesn't improve security that much. So do whatever you like with the SSID. Maybe give it a name that means something to you so that you know when you're connected to your wireless access point.

But most important is to make sure that you've got a WPA key that each computer would need to specify in order to be able to connect up wirelessly.

(Transcript lightly edited for readability.)

Article C6361 - March 24, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Michael
March 26, 2013 2:13 PM

Minor point: a router may well have more than one SSID/network.

Many routers have "guest" networks so that a guest in your house/office can use your WiFi without knowing your private password. The guest network can also provide added security if it is configured such that it can only access the Internet and not interact with any of the other computers connected to the same router.

High end routers have two internal radios, one on 2.4GHz, the other on 5GHz. These routers may well have a private and guest network for each radio, yielding a total of 4 networks and thus 4 WPA passwords to deal with.

Eric in Naples, FL
March 27, 2013 6:33 PM

Although these same "high end" routers do have up to four wireless networks available, it is common for most of the newest ones (2013) to have the "guest" wireless networks be "enabled" to turn them on. And though having separate Guest and Regular networks do provide a separation from file sharing/snooping, it does not reduce any chances of bandwidth saturation. If you enable Guest networking but do not include a password, then you are still liable for uninvited use, including possible criminal use, which can only be traced back through your ISP and then to you, not to the actual criminal user. ALWAYS PUT GOOD PASSWORDS ON ALL OF YOUR WIRELESS CONNECTIONS.

Andy
March 30, 2013 9:51 AM

The only thing I would say about the SSID is that hackers target routers with default SSIDs because they assume that if you haven't changed such a simple thing, you will most likely not have changed passwords either. As long as you've changed your passwords to something far from default and a strong password (if you're not sure, there's multiple password strength meters online) you should be fine, but it's always worth remembering and it's nice to customise the SSID anyway.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.