Home Network Security
There is a website called RouterPasswords.com that lists the default username and password for thousands of router models. It is completely public. Anyone can go there right now, look up your router model, and find out exactly what credentials to try on your admin page.
If you have never changed your router's admin password since the day it was installed, there is a real chance that anyone on your network, or anyone who can reach your router's admin interface, can log in and change whatever they want. DNS settings, firewall rules, port forwarding, WiFi passwords. All of it.
This is one of the most common and fixable security problems on home networks. Here is how to check, and what to do about it.
When a router ships from the factory it needs some way for the owner to log in and configure it. Manufacturers set default credentials, usually something like admin/admin or admin/password, to make the initial setup easy. The problem is that most people never change them.
Attackers know this. Automated tools scan home networks constantly looking for routers with default credentials. When they find one, they can redirect your DNS to malicious servers, intercept your traffic, open ports for remote access, or add your router to a botnet without you ever knowing.
A 2023 study by Fraunhofer Institute found that over 48% of home routers still had unchanged default admin credentials. Nearly half of all home routers are an open door.
| Brand | Default Username | Default Password |
|---|---|---|
| Netgear | admin | password |
| Linksys | admin | admin |
| ASUS | admin | admin |
| TP-Link | admin | admin |
| D-Link | admin | (blank) |
| Arris (AT&T/Comcast) | admin | password or (printed on router) |
| Motorola | admin | motorola |
ISP-provided routers (the ones rented from your internet provider) often have credentials printed on a sticker on the bottom of the device. While this is better than a universal default, the password is often a short alphanumeric string that is relatively easy to brute force if someone can see the router physically.
Open Command Prompt and run ipconfig. Look for the Default Gateway address, that is your router. It will usually be something like 192.168.1.1 or 10.0.0.1.
Type your router's IP address into a browser. When the login page appears, try the default credentials for your router brand from the table above. If any of them work, your router is still using factory defaults and needs to be changed immediately.
Once logged in, look for a section called "Administration," "System," "Advanced," or "Management." There should be an option to change the admin password. Use something strong, at least 16 characters with a mix of letters, numbers, and symbols. Write it down somewhere safe or store it in a password manager.
Tip: Also change the router's admin username from "admin" to something else if your router allows it. It adds one more barrier that automated tools have to get through.
While you have access to your router's admin interface, it is worth taking a few extra minutes to look at a few other settings:
SentinelHome101 checks for default router credentials automatically as part of its 101-point network scan. It attempts to reach your router's admin interface and checks whether the response indicates default credentials are likely in use. You get a clear pass or fail result with specific remediation steps if there is an issue.
It also checks firmware version, UPnP status, guest network isolation, and a dozen other router-level security settings in the same scan, so you do not have to go looking for each one manually.
SentinelHome101 checks for default credentials, outdated firmware, UPnP exposure, and more. Free for Windows.
Download FreeOnce you have set a strong unique password, you don't necessarily need to change it on a schedule. What you should do is change it immediately if you suspect someone may have had access to it, a contractor who was in your home, a houseguest you no longer trust, or if you notice unusual activity on your network.
Treat your router admin password like you would treat your bank password. It controls access to your entire network. While you are reviewing your router settings, it is also worth checking whether UPnP is enabled, which is another common router vulnerability that most people leave on without realizing it.