Description
Your Wi-Fi network connection is not properly secured. We have found that your wireless network connection uses insufficient encryption, or none. This means that anyone can connect to and "eavesdrop" on your wireless networks. People around you, or even the government, can be next door and see what's in your internet traffic, including your personal data, passwords and login credentials, credit card details, and personal photos and videos. Furthermore, an attacker can misuse your network to conduct further attacks or criminal activity - meanwhile you are liable if such attacks are traced back to your network.
Solution
To solve the problem, you must configure your wireless router, and all devices connected to it, to use the "WPA2" encryption. We also strongly advise you to create a stronger password. To make it as strong as possible, make sure to include some upper- and lower-case letters, numbers, and special characters.
Select your router manufacturer below to view further instructions on how to configure your network:
Details
There are basically three types of encryption used in today's routers: WEP, WPA and WPA2. These acronyms refer to different wireless encryption standards which protect - in fact, encrypt - the information you send and receive over the wireless network. Besides that, the network can be configured to be completely open, i.e. use no encryption at all.
WEP (Wired Equivalent Privacy) was the first protocol used in the late 90's. Now it poses serious security risks, as it can be easily hacked by even a novice in minutes.
Next came WPA (Wi-Fi Protected Access) and was shortly after replaced by WPA2. WPA2 implements the latest security standards, namely AES (Advanced Encryption Standard), a strong encryption algorithm.
Using WPA/WPA2 protocol, a security key or passphrase is required when a device tries to connect to the wireless network. Most wireless routers allow you to select WPA2 during the setup process. Unfortunately, the default setting in many wireless devices is still WEP or, even worse, nothing (open network), which means anybody in range can connect to it.
Unless your router is very old, it will support WPA2. If it doesn't, we recommend replacing your router.
If some devices only allow WPA and not WPA2, to run both versions on the same network, be sure that the router is configured for WPA2 mixed mode. If you're prompted to choose a specific kind of WPA authentication, choose either the personal (PSK) or enterprise (EAP) option. WPA2-Personal generates a 256-bit key from a plain-text passphrase, sometimes called a PSK (PreShared Key) used to initiate a session between the user device and access point or router. Remember -- your security is as strong as your passphrases. The primary real-world weaknesses with WPA2-Personal encryption are weak passphrases.
WPA2 is not perfect. Some potential vulnerabilities have been found, but your best defense is to set a strong passphrase, and check our other articles to ensure full protection of your home network.
Although encrypting your traffic can't protect you from all possible attacks, it ensures secure wireless communication.
Tips
- Rename your network. Some routers come with default network names (or SSID) like NETGEAR, Linksys etc. We recommend to use a different name because a default name unnecessarily identifies the make of your router, making it easier for attackers to break in.
- Do not configure your wireless router to hide the SSID. By making your Wi-Fi network invisible, you are configuring your other devices (such as your PC, tablet, phone, etc.) to broadcast the network name themselves, which may be even more dangerous.
- Regularly check who is connected to your network. The router admin interface usually has a section called "Device List", which shows the names of all devices that are connected to the wireless network. Routine checks may reveal unwelcome visitors.
- Don't bother with MAC address access filters. They may seem like a good way to safeguard the network, but in fact they are very easy to bypass. They are just not worth the trouble.
- Advanced users can change the subnet from 192.168.0.x / 192.168.1.x to something like 10.x.x.x. This is an easy way to increase security, because many attacks today are performed by web snippets trying to access the 192.168.0.x / 192.168.1.x addresses (the most common).