Internet, Networking, & Security Home Networking Why You Should Change Your Router Password and Username Never leave the default login info enabled on your router By Tony Bradley, CISSP-ISSAP Writer Tony Bradley is a former Lifewire writer and tech journalist who specializes in network and internet security. He is a respected information security expert and prolific author. our editorial process LinkedIn Tony Bradley, CISSP-ISSAP Updated February 25, 2020 Home Networking Routers & Firewalls The Wireless Connection Network Hubs ISP Broadband Ethernet Installing & Upgrading Wi-Fi & Wireless Tweet Share Email The first thing you should do after getting a new router is to change its default password. Most wireless routers and access points ship with default information preconfigured so you can access the settings and do things like make a WiFi network and change DNS settings. You read correctly: your router, at least when you first bought it, came with a password and username that anyone can access with a simple search online. Fortunately, you can change the default router password and username so hackers have to try much harder to penetrate your network. Here's how. Make Your Own Router Password Lifewire A router's default information is often so common an attacker doesn't even need to do any research. Many vendors use admin or administrator as the username and password as the password. Clearly, you need to change the default password for the router, which involves finding the router's IP address and researching the default login information. Here are some starter lists to check out if you need the default password for your router: Linksys, NETGEAR, D-Link, Cisco, Belkin. Consider looking through the user manual that came with your router to find the default login information. Manuals are often available online straight from the manufacturer's website. For example, some routers are controlled entirely from a mobile app and aren't even accessible from a web browser, which means you don't need to know the default IP address or login information. This is often the case with mesh network routers. It's vital to use a strong password so that it's harder to guess. But, a strong password is also hard to remember, so consider storing it in a password manager. Should I Change the Router's Username? Some vendors require absolutely nothing for the default username, which means if someone knows the password to your router, they can get into it in seconds. If your router has an option to change the username, you should do so. Knowing the username gives an attacker half of the information they need to gain access to your device, so leaving the default one unchanged is definitely a security concern. Since most routers use something like admin, administrator, or root for the default username, be sure to pick something more complex. Even adding some numbers or letters to the beginning or end of the default username makes it tougher to crack than if you left them out. Consider the username a second password; attackers need both to gain access to your network, so making them difficult to guess gives you the upper hand. Other Ways to Protect Your Network Changing the router's username and password is very important but it isn't the only way you can protect your network from attackers. Another method is to hide the fact there's a network there at all. By default, wireless network equipment typically broadcasts a beacon signal, announcing its presence as far as the signal can reach and providing key information necessary for devices to connect to it, including the SSID. Wireless devices have to know the network name, or SSID, of the network they want to connect to. If you don't want random devices connecting, then you certainly don't want to announce the SSID for anyone to grab and start guessing passwords for. Is It Worth It to Hide Your Wi-Fi Network? MAC address filtering is another method for securing your wireless network. When you enable MAC address filtering, you're forcing every device to authenticate on your network with not only the correct username and password but also the right MAC address. When enforced, devices can connect only if their MAC address (which is unique to each network adapter) matches one on your list of approved devices, thus setting up yet another blockade against hackers.