How to secure your home or office Wi-Fi

Lock down your wireless network to make sure unauthorised users can't get access

By default, wireless routers and access points have security turned off. Without Wi-Fi security enabled, anyone nearby can leech off your wireless Internet, see where you're browsing, capture your passwords to some websites, and possibly access your PCs and files. Some models help you turn security on via a wizard during initial setup or recommend using buttons or PINs; others require you to enable it manually via the router's Web interface.

But even with Wi-Fi Protected Access 2 (the latest security standard) enabled, hackers can exploit vulnerabilities to crack your Wi-Fi security. Here's how to combat these weaknesses.

The most recently discovered major Wi-Fi vulnerability involves the Wi-Fi Protected Setup feature found in most Wi-Fi routers made since 2007. Though WPS doesn't provide security itself, it's supposed to simplify turning on the personal (PSK) mode of WPA or WPA2 security.

Networking manufacturers can incorporate two methods of using WPS to help secure and connect your Wi-Fi devices. In the PIN method--the source of the latest vulnerability--you enter the eight-digit PIN assigned to your router into Wi-Fi-equipped computers and devices that also support WPS, in order to connect them to the wireless router. The alternative is to assign a PIN to your PC or to any other Wi-Fi-equipped device that supports WPS and then enter it into your router's Web interface in order to connect the device to the network.

Faulty underlying design of the WPS PIN method on routers makes it easier for an attacker to crack the PIN combination by brute force using software tools that repeatedly guess the PIN. Manufacturers can add enhancements to combat such attacks on their routers, but most of them haven't yet done so.

Two existing tools--Reaver and wpscrack--can automate the cracking. Depending on the exact wireless router, these tools can usually figure out a network's PIN and full Wi-Fi password (the WPA or WPA2 passphrase) within a few hours.

The WPS cracking process can also lock-up your wireless router, thus causing a denial-of-service attack. This can lead to major performance problems on your network and even stop it from working altogether until you reset your router.

Fixing the Vulnerability

If your router supports WPS, it's vulnerable. Look for an eight-digit PIN printed on the bottom or a WPS logo on the router. If you don't see either one, run a Google search for your model number, and find its product description or data sheet online. If you still have the box, examine it. If your router doesn't support WPS, then it isn't subject to this WPS vulnerability.

If your router does support WPS, log in to your router's Web-based configuration panel: From a computer that is connected to your network, open your Web browser and type in your router's IP address--a numerical string such as or If you don't know your router's IP, in Windows Vista or 7, open the Network and Sharing Center via its icon near the lower right corner of Windows. In Vista, click Manage Network Connections; in Windows 7, click Change Adapter Settings. Double-click the network connection you're using; and in the dialog box, click Details. Finally, you'll see the router's IP listed as the Default Gateway.

If you can't remember the password for logging in to the router control panel, you may not have changed it. Try the default username and password listed in the router's documentation or online (at If your Internet provider supplied the router, check the hardware itself. As a last resort, press the router's reset button to return to the factory default settings, but don't forget to enable security afterward.

Log on and find the WPS settings; they may be in the wireless or advanced section. Save or apply any changes.

Disabling WPS -- and Beyond

If your router uses WPS, consider disabling it (if possible). Unfortunately, on some routers, disabling WPS via the Web interface doesn't turn it off completely. To double-check, try to enter the router's PIN on a Wi-Fi-equipped computer or device that supports WPS.

If you previously used WPS to secure your network, you can find the Wi-Fi password (the WPA or WPA2 PSK passphrase) that it created in the router's wireless settings after you log on to the interface. When you want to join more Wi-Fi computers and devices to your network, you can enter that password.

For peace of mind, the best strategy may be to buy a router that doesn't have the WPS feature. That fact usually appears in the product description or data sheet online or on the box in stores. If you're willing to tinker, check to see whether your router is compatible with free aftermarket firmware that doesn't have WPS, such as DD-WRT or Tomato.

In time, manufacturers may release firmware updates to fix their routers' WPS vulnerabilities, so search the online support section for your model. If the release notes for firmware updates from as recently as this year show WPS changes, upgrading your router's firmware should patch the security hole.

Small businesses (and security fanatics at home) that have wireless routers featuring WPS can also consider using enterprise-level Wi-Fi security, which even consumer-level routers support. This is a more secure mode of WPA/WPA2 security, and it doesn't use WPS, so you aren't exposed to the vulnerability. The enterprise mode is also called the 802.1X or EAP mode, whereas the personal mode (the one vulnerable to WPS weakness) is technically called the preshared key (PSK) mode.

The enterprise mode of WPA/WPA2 security uses 802.1X authentication, which requires some sort of external authentication (or RADIUS) server. But services are available that can host such a server for you.

Session Hijacking and Password Capturing

Another major Wi-Fi security threat that has surfaced in the past few years comes from tools that allow anyone eavesdrop on wireless traffic capture passwords or other information. Tools such as the Firefox add-on Firesheep and the Android app DroidSheep make it easy for anyone on your Wi-Fi network to hijack your online accounts. As a result, if eavesdroppers run the tool as you log on to a website that isn't secured with SSL/HTTPS encryption (for example, some social networking and email sites--look for "https" in the URL to determine whether the site is encrypted), they can then get onto your account.

People can perform only session hijacking and password capturing if they are on the same network as you or if the network isn't secured, such as by using WPA/WPA2. It's not something to worry about on your home network unless you don't secure your Wi-Fi properly or you don't trust other users. But it is something of concern for business networks. and it can be prevented with enterprise Wi-Fi security.

Weak Wi-Fi Passwords

Your WPA and WPA2 passwords are susceptible to brute-force dictionary-based cracking (basically, where hackers guess your password using software tools that repeatedly guess). If your router's password is a word listed in the dictionary--or something close to such a word--it's highly vulnerable to cracking. Use a long passphrase (one of at least 13 characters and as many as 63 characters) with mixed case and random letters, numbers, and other ASCII characters. A gibberish password like this one will hold up: q$3^cP&/S#z;2%D,7x)h. Or see "How to Build Better Passwords Without Losing Your Mind" for guidance on devising strong passwords that you'll be able to remember.

For more Wi-Fi security tips, read "How to Lock Down Your Wireless Network."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Eric Geier

Eric Geier

PC World (US online)
Show Comments


Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >



Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >


Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?