Your Wi-Fi network connection is not properly secured. We have found that your wireless network connection uses insufficient encryption, or none at all. This means that someone can break in and "eavesdrop" on your wireless networks. People around you, or even the government, can possibly see what’s in your internet traffic, including personal data, passwords and login credentials, credit card details, and personal photos and videos. Furthermore, an attacker can use your network to conduct additional attacks and criminal activity. You are liable if such attacks are traced back to your network.
To solve the problem, you must configure your wireless router, and all devices connected to it, to use the "WPA2" encryption. We also strongly advise you to create a stronger password. To make your password as strong as possible, be sure to include both upper-case and lower-case letters, numbers, and special characters.
Select your router manufacturer below to view further instructions on how to configure your network:
There are basically three types of encryption used in today's routers: WEP, WPA and WPA2. These acronyms refer to different wireless encryption standards which protect - in fact, encrypt - the information you send and receive over the wireless network. Besides that, the network can be configured to be completely open, i.e. use no encryption at all.
WEP (Wired Equivalent Privacy) was the first protocol used in the late 90's. Now it poses serious security risks, as it can be easily hacked by even a novice in just minutes.
Next came WPA (Wi-Fi Protected Access) which was soon replaced by WPA2. WPA2 implements the latest security standards, namely AES (Advanced Encryption Standard), a strong encryption algorithm.
Using WPA/WPA2 protocol, a security key or passphrase is required when a device tries to connect to the wireless network. Most wireless routers allow you to select WPA2 during the setup process. Unfortunately, the default setting in many wireless devices is still WEP or, even worse, nothing (open network), which means anybody in range can connect to it.
Unless your router is very old, it will support WPA2. If it doesn't, we recommend replacing your router.
If some devices only allow WPA and not WPA2, to run both versions on the same network be sure that the router is configured for WPA2 mixed mode. If you're prompted to choose a specific kind of WPA authentication, choose either the personal (PSK) or enterprise (EAP) option. WPA2-Personal generates a 256-bit key from a plain-text passphrase, sometimes called a PSK (PreShared Key) used to initiate a session between the user device and the access point or router. Remember -- your security is as strong as your passphrases. The primary real-world weakness with WPA2-Personal encryption is weak passphrases.
WPA2 is not perfect. Some potential vulnerabilities have been found, but your best defense is to set a strong passphrase, and check our other articles to ensure full protection of your home network.
Although encrypting your traffic can't protect you from all possible attacks, it ensures secure wireless communication.
- Rename your network. Some routers come with default network names (or SSID) like NETGEAR, Linksys, etc. We recommend to use a different name because a default name unnecessarily identifies the make of your router, making it easier for attackers to break in.
- Do not configure your wireless router to hide the SSID. By making your Wi-Fi network invisible, you are configuring your other devices (such as your PC, tablet, phone, etc.) to broadcast the network name themselves, which may be even more dangerous.
- Regularly check who is connected to your network. The router admin interface usually has a section called "Device List", which shows the names of all devices that are connected to the wireless network. Routine checks may reveal unwelcome visitors.
- Don't bother with MAC address access filters. They may seem like a good way to safeguard the network, but in fact they are very easy to bypass. They are just not worth the trouble.
- Advanced users can change the subnet from 192.168.0.x / 192.168.1.x to something like 10.x.x.x. This is an easy way to increase security, because many attacks today are performed by web snippets trying to access the 192.168.0.x / 192.168.1.x addresses (the most common).