WiFi Security
Most people assume their WiFi is secure because it has a password. Having a password is necessary but its only one piece of the picture. The security protocol your router uses to encrypt WiFi traffic matters just as much as the password itself, and there are several other settings that affect how exposed your wireless network is.
This guide walks through everything you need to check to verify that your WiFi network is actually secure, not just password protected.
The security protocol determines how your WiFi traffic is encrypted. Not all protocols are equally secure. Here is the current state of the options you might find on your router:
| Protocol | Status | What to Do |
|---|---|---|
| WPA3 | Best | Use this if your router and all your devices support it |
| WPA2-AES | Good | Acceptable for most home users. Keep it if you can't use WPA3. |
| WPA2-TKIP | Weak | Switch to WPA2-AES or WPA3 if possible |
| WPA (original) | Insecure | Change immediately |
| WEP | Broken | Change immediately, WEP can be cracked in minutes |
| Open (no password) | No encryption | Change immediately |
Click on the WiFi icon in the system tray. Then click the arrow next to your connected network name. Find the network you are connected to and click Properties. Scroll down to find the Security type field. It will show your current protocol.
Alternatively, open Command Prompt and run:
netsh wlan show interfacesLook for the Authentication and Cipher fields in the output.
Log into your router's admin interface (type your Default Gateway address into a browser). Navigate to the wireless settings section. Look for a Security Mode or Authentication setting and change it to WPA3 or WPA2-AES.
Note: Changing your WiFi security protocol will disconnect all devices currently on your network. They will all need to reconnect. This is normal and expected.
Even with WPA2 or WPA3, a weak password can be cracked. A home WiFi password should be at minimum 12 characters long, and ideally 16 or more. It doesn't need to be random characters, a passphrase made up of four or five random words is both strong and memorable.
Passwords to avoid:
Good WiFi password example: CorrectHorseBatteryStaple2026, long, memorable, and extremely difficult to crack.
Your SSID (the name of your WiFi network) is broadcast to anyone within range by default. This is normal and not a security problem by itself, but there are a couple of things worth considering.
Some people disable SSID broadcasting to hide their network. This is called security through obscurity and it doesn't actually provide meaningful security. Anyone with basic scanning tools can still find hidden networks. Its more of an inconvenience than a protection, and it causes usability problems. Leave SSID broadcasting on.
Your SSID itself shouldn't contain information that identifies you. Names like "Smith Family WiFi" or "123 Oak Street" give away who lives there. This is a minor concern but worth changing if yours does this.
WPS was designed to make it easy to connect devices by pressing a button or entering a PIN. The PIN method has a well-documented vulnerability that allows attackers to recover your WiFi password through a brute force attack that takes hours rather than years. Disable WPS in your router's wireless settings.
If you run a guest network, verify that client isolation is enabled. This prevents guest devices from communicating with devices on your main network. Without it, a guest on your network could potentially access your files, printers, and other devices.
Your WiFi signal extends beyond your home's walls. The further it reaches, the larger the area in which someone could attempt to connect. Some routers let you reduce transmission power to limit the range. This is a minor optimization but worth considering if your router lets you adjust it easily.
Even a perfectly configured WiFi network can be compromised if someone has already obtained your password. Log into your router and check the connected devices list periodically. Anyone who knows your WiFi password can connect, including old houseguests, neighbors who may have seen it, or anyone who got it from a device that was previously on your network.
If you find devices you don't recognize, the most straightforward fix is to change your WiFi password. Every device that was previously connected will need to reconnect with the new password, including your own. See our guide on how to check what devices are on your network for a detailed walkthrough of this process.
SentinelHome101 checks your WiFi security protocol, identifies the encryption type and band, checks for default router credentials, verifies your DNS configuration, and flags issues with UPnP, WPS, and guest network isolation automatically as part of its network security scan.
Rather than checking each setting manually in your router's interface, you can run a scan and see everything flagged in one place with specific remediation steps for each issue.
SentinelHome101 audits your WiFi security and 100 other home network settings. Free for Windows.
Download Free