Home Wi-Fi security advice tends to focus on the wrong things — complex firewall rules that most people will never configure and VLANs for IoT devices that require enterprise-level knowledge to set up. Here’s what actually matters for most households.
Change the default admin password on your router
This is the most overlooked step and one of the most important. Every router ships with a default admin username and password — usually something like admin/admin or admin/password. These defaults are published online and are the first thing automated attacks try.
To access your router’s admin panel, type 192.168.1.1 or 192.168.0.1 into your browser (one of those will work for most routers — check the label on the back if neither works). Log in with the default credentials, find the admin password settings, and change it to something strong. Store it in your password manager. You’ll rarely need it, but it should be secure when you do.
Use WPA3 or WPA2 encryption — not WEP or “open”
WEP is a decades-old encryption standard that can be cracked in minutes. If your router offers it, don’t use it. WPA2 is the current standard and is secure for home use. WPA3 is newer and better — use it if your router supports it and your devices are compatible.
In your router’s wireless settings, look for “Security Mode” or “Authentication.” Set it to WPA3 if available, otherwise WPA2. If you see WPA2/WPA3 mixed mode, that’s fine — it supports both. Never leave a network set to “Open” or “None.”
Use a strong, unique Wi-Fi password
Your Wi-Fi password is what keeps neighbors and passersby off your network. It needs to be strong enough to resist brute-force attacks — at least 12 characters, mixing letters, numbers, and symbols. A random string from your password manager works perfectly.
Don’t use your address, your name, your birthday, or the default password printed on the router’s label. Default passwords are often derived from patterns and can be guessed. You’ll rarely need to type this password — devices remember it — so make it strong.
Keep your router’s firmware updated
Router manufacturers release firmware updates to patch security vulnerabilities. Most people never install them. Check your router’s admin panel for a firmware update option — it’s usually under Administration, Advanced, or a similar menu. Some routers can be set to auto-update; enable that if it’s available.
If your router is more than five or six years old, the manufacturer may have stopped releasing security updates for it. An unpatched router with known vulnerabilities is a significant risk. Consumer routers from brands like Asus, TP-Link, and Eero are inexpensive and come with reasonable update cycles.
Use a separate network for IoT devices
Smart TVs, cameras, thermostats, and other IoT devices are notoriously poorly secured. They often have vulnerabilities that never get patched and can serve as entry points into your network. The mitigation: put them on a separate Wi-Fi network (called a guest network or VLAN) so they can’t communicate with your computers and phones.
Most modern routers support a guest network. In the router admin panel, look for Guest Network settings. Create a separate SSID (network name) with its own password, and enable the “Client isolation” or “AP isolation” option — this prevents devices on that network from talking to each other or to your main network. Connect all your smart home devices to this network instead of your main one.
What you can safely skip
Hiding your SSID (making your network not show up in the list) doesn’t improve security meaningfully — the network is still discoverable with basic tools. MAC address filtering is tedious to maintain and trivially bypassed by anyone with modest technical knowledge. These are security theater; the steps above provide real protection.
The bottom line
Change the router’s admin password, set encryption to WPA2 or WPA3, use a strong Wi-Fi password, keep firmware updated, and move IoT devices to a guest network. That’s the complete list of home Wi-Fi changes that actually matter. An hour of setup, significantly reduced exposure.