Why You Should Change Your Router Password and Username

Never leave the default login info enabled on your router

Secure Wireless Network represented by a lock on a router

Godfried Edelman / Getty Images

The first thing you should do after getting a new router is change its default password. Most wireless routers and access points ship with default information preconfigured so that you know how to access the settings to do things like make a Wi-Fi network and change DNS settings.

You read correctly: your router, at least when you first bought it, came with a password and username that anyone can access with a simple search online.

Fortunately, you can change the default router password and username so that hackers have to try much harder to penetrate your network than to just copy/paste the password as it's seen in a router default password list.

Make Your Own Router Password

Hands on computer keyboard with password written over the image
 

A router's default information is often so common that an attacker doesn't even need to do any research. Many vendors use admin or administrator as the password.

Clearly, you need to change the default password for the router, which involves finding the router's IP address and then researching the default login information. Here are some starter lists to check out if you need the default password for your router: Linksys, NETGEAR, D-Link, Cisco, Belkin.

If those instructions don't apply to your specific router, consider looking through the user manual that came with the router. They're often available online, too, straight from the manufacturer's website.

For example, some routers are controlled entirely from a mobile app and aren't even accessible from a web browser, meaning that you don't need to know the default IP address or login information. This is often the case with mesh network routers.

It's vital to use a strong password so that it's harder to guess. On that note, however, a strong password is also hard to remember, so consider storing it in a password manager.

Should I Change the Router's Username?

Some vendors require absolutely nothing for the default username, meaning that so long as someone knows the password to your router, they can get in seconds later.

If your router has an option to change the username, you should. Knowing the username gives an attacker half of the information they need to gain access, so leaving it as the default one is definitely a security concern.

Since most routers use something like admin, administrator, or root for the default username, be sure to pick something more complex. Even adding some numbers or letters to the beginning or end of those defaults makes it tougher to crack than if you left them out.

Consider the username a second password; attackers will need both to gain access to your network, so making them difficult to guess gives you the upper hand.

Other Ways to Protect Your Network

Digital lock on computer motherboard illustration representing digital secutity
Andriy Onufriyenko / Getty Images

Changing the router's username and password is very important but it isn't the only way you can protect your network from attackers. Another method is to use hide the fact that there's a network there at all.

By default, wireless network equipment typically broadcast a beacon signal, announcing its presence as far as the signal can reach, and providing key information necessary for devices to connect to it, including the SSID.

Wireless devices have to know the network name, or SSID, of the network they want to connect to. If you don't want random devices connecting, then you certainly don't want to announce the SSID for anyone to grab and start guessing passwords for.

MAC address filtering is another method for securing your wireless network. When you enable MAC address filtering, you're forcing every device to authenticate on your network with not only the correct username and password but also the right MAC address.

When enforced, devices can connect only if their MAC address (which is unique to each network adapter) matches one on your list of approved devices, thus setting up yet another blockade against hackers.