Password Management for Home Network Routers

Choose a good password for your router

router cables plugged in

deepblue4you/Getty Images

Home broadband routers provide configuration functions for setting up and managing the local network. To protect routers and their networks from malicious attacks, owners must log in with a password before they can change or even see the configuration settings. Router passwords are a highly effective security aid when they are used correctly, but they can also be a source of frustration.

Default Router Passwords

Manufacturers of broadband routers build their products with preset (default) passwords. Some router vendors assign the same default password across all their products, while others use a few different variations depending on the model. Whether you purchase a router directly from the manufacturer or through a retail outlet, the router’s password is set to the same default. In fact, millions of routers sold around the world from various vendors all use the password admin, the most common default choice.

The majority of routers ship with the default password admin or none (a blank field for the password) paired with a default username of admin or none.

For more information:

Changing Router Passwords

Default passwords for all mainstream routers are public information widely posted on the internet. Hackers can use this information to log in to other people’s routers and take over entire networks. To improve network security, you should immediately change the default passwords on your router when you bring a new one into your home.

Changing a router’s password involves logging into the router’s console with its current password, choosing a good new password value, and finding the location inside the console screens to configure the new value. Exact details vary depending on the kind of router involved, but all routers provide a user interface for this purpose. Some routers additionally support an advanced feature that causes a password to expire automatically after a set number of days, forcing owners to change it periodically. Security experts recommend using this feature as well as choosing strong router passwords that are tough for others to guess.

Changes to a router's password do not affect the ability of other devices in the home to connect to the router.

Recovering Forgotten Router Passwords

Owners tend to forget the password their routers are configured with unless they log in to them regularly. This isn't a good excuse to keep a manufacturer's default password in place! For obvious security reasons, routers won’t show their password to someone who doesn't already know it. Owners can use either of two approaches to recover router passwords they have forgotten.

Recovering a Router Password Using Software

Third-party software utilities called password recovery tools provide one way to uncover forgotten passwords. Some of these tools run only on Windows PCs, but others are designed to work with routers. The most popular password recovery tools implement mathematical techniques including so-called dictionary attacks to generate as many different password combinations as possible until they guess the right one. Some people refer to this type of tool as cracker software because the approach is popular with network hackers.

You can safely run password recovery tools on your own routers but should never introduce the software onto other networks because of possible severe legal consequences.

Such tools are likely to succeed in recovering the password eventually, but they may take many days to accomplish the task, depending on the choice of tool and how easy or difficult the password is to crack. A few alternative software utilities such as RouterPassView simply scan a router for passwords it may keep stored in backup locations of its memory rather than running elaborate guessing algorithms. Compared to cracker utilities, these scanning tools run much faster but are less likely to succeed.

Recovering a Router Password With a Reset

The hard reset procedure provides a more convenient alternative to router password recovery than the software options. Instead of spending time and energy trying to discover an old password, resetting the router allows the owner to erase the password and start fresh with a new configuration. All routers incorporate a hard reset capability that involves turning the unit off and on while following a particular sequence of steps.

The 30-30-30 hard reset rule for routers works for most types, but specific router models may support other variations. Powering a router off and on by itself (a soft reset procedure) does not erase passwords. The extra steps of a hard reset must also be followed. Note that a router hard reset erases not only saved passwords but also wireless keys and other configuration data, all of which must be reconfigured by an administrator.

The 30-30-30 router reset, which returns your router to its factory default condition, takes only 90 seconds:

  1. With the router turned on, press the reset button for 30 seconds.

  2. While holding down the reset button, unplug the router for another 30 seconds.

  3. Still holding down the reset button, restore the power and hold for another 30 seconds.

After you reset the router, log in with the original default password, which you can get from the manufacturer's website or your device documentation if you kept it. You should immediately change the default password to a strong password that you write down somewhere so you won't have to go through this process again in the future.