Setting up a new home WiFi box (also known as a router)? It’s tempting to focus on just getting the darned thing to work but you should also change the WiFi password while you’re at it, and there may be more than one.
The broadband router is the beating heart of home technology that beams WiFi to desktops, laptops, mobile phones, smart TV sets and possibly more. To keep your connection secure, changing WiFi passwords should be as regular as changing lightbulbs.
The task shouldn’t be overlooked because one of the two passwords is often easy to guess. And with it you can change the other one. There’s even the possibility that your new router has no password protecting it at all…
As an important part of your digital home security system, we’ll talk you through how – and how often – to change passwords and take a look at what might happen if you don’t.
Why should I change my WiFi password?
Anyone who has ever known your WiFi password still has it, unless you change it. And they can access your internet connection and everything on your network from nearby, including outside your home within a short distance. So if your neighbour’s teenager once babysat for you, or your ex-flatmate lives across the street, they could be streaming movies right now using your broadband and you’d never know.
Or it can be used more maliciously. Robert Schifreen is a former hacker whose company Cybaware now provides security awareness training to staff in companies across the UK.
Schifreen outlines the worst case scenario: “If you do get hacked, i.e. if someone uses your WiFi password because they used to know it and you never changed it, that person is now connected to your router and everything connected to it. They can access (or try to) your computer, phone, security or doorbell cameras, other smart devices such as heating thermostat, your printer, router, and so on.
“If you haven’t changed the Admin password on your router they can change its configuration settings, disable your internet service, disconnect your devices such as the cameras, or change your WiFi password and lock you out completely.
“They could even disable the router’s firewall, which means that they can then hack your devices from wherever they are in the world, not just while they’re connected to your WiFi.”
Speaking of improving thing, you might want to consider a wifi extender to offer the best broadband connection.
How to change your router’s WiFi password – step by step
First, know that you actually have two broadband passwords assigned to your router. The Admin password is the one that you use to change the router’s settings. The WiFi password is the one that you, family members and guests use to sign into WiFi wireless internet.
The default Admin password for your router is usually generic. It might even be “admin” or “password” or blank. When you first get your router (or right now, if you didn’t do it already) change it.
- Find out the current settings. The instruction manual should give you the two pieces of information you need to do this: an “IP address” (a set of numbers and dots that you type into your web browser, where you would normally type the website address) and a password. If you’ve lost your instruction manual, you can Google these settings, you just need the make and model of the router.
- Type the IP address into the web browser on your laptop, computer, phone or tablet, then log in using the default Admin password.
- Then change the Admin password (see below for how to pick a good one). You shouldn’t need to change it again.
- While you’re there, change the WiFi password too. That’s probably already a string of letters and numbers that is unique to your router. But you need to remember it every time you set up a smart device or a guest asks for it. So it’s best to change it to something that’s memorable only to you (see below). This is the password that’s worth changing regularly.
- Some router brands prioritise security and make it easier. For example, Netgear routers force you to change the Admin password when you set them up for the first time.
Sandeep Harpalani, VP Connected Home Products, Netgear, also recommends checking the settings: “Use the highest level of security, like WPA3, which is more secure and protects against weak passwords being cracked by guessing.”
What are examples of good WiFi passwords?
Your Admin password should be impossible to guess and you need to keep a record of it but you won’t use it often. So it can be a random string of letters and numbers. Online password generators are great for this.
Your WiFi password should be more memorable and easier to type because you’ll use it a lot. Random gobbledegook is a pain for that.
Robert Schifreen has a handy way to come up with memorable, secure passwords: “A good rule for choosing strong passwords is ‘two unrelated words, with a number or symbol after each’. Simple as that. So ‘plant=Wagon6’ is a good one.”
Common sense prevails when it comes to storing passwords. If your WiFi password is stuck to your fridge, don’t have your fridge in the background of photos on social media.
“If customers want to store their passwords, they can use a password manager on their phone or save via password protected notes etc… We advise customers to make sure it’s not visible through a window for a passer-by and potential hacker to see,” says Amber Pine, Managing Director of Sky Broadband.
“If you end up with too many passwords to remember, it’s OK to write them down,” says Schifreen. “After all, people who steal passwords generally do it via the internet, not by peeking at your paperwork. Having loads of strong passwords written down is much safer than having loads of weak or similar ones that you can remember off the top of your head. But if you do write them down, don’t make it obvious. Those My Internet Passwords books that you can buy online aren’t ideal!”
How often should I change my WiFi password?
You don’t need to change the Admin password regularly and only you should know it. You won’t use it often but keep it somewhere safe because you will need to use it to change the WiFi password.
Schifreen recommends changing the WiFi password once a year. It’s easy to change… but then you need to type the new password into every smart device in the house.
“How about picking a date every year (a day between Christmas and New Year, maybe, when there’s never anything to do) when you change all your important passwords?” he suggests. So that’s email, banking, shopping etc as well as WiFi.
“Never use the same password on more than one system or website,” he adds. “When hackers manage to break into a system and discover the list of everyone’s email address and password, they use that list to try logging in to hundreds of other systems with the same credentials.”
He also points out that you don’t have to tell your password to house guests, you can offer to type it in for them instead.
Big brands often go further, making it easy to change and manage passwords via a phone app. Sandeep Harpalani explains: “You can always find your password from the Netgear Nighthawk/Orbi router management app. You don’t need to store the password in other places.”
The app in turn is protected by your phone’s usual security (face ID, fingerprint, passcode). You can use the app to manage every aspect of your home internet, including parental controls and pausing the internet to any device.