Most homes never change router passwords, guide warns

Insurance specialist Everywhen has published a 10-step guide to securing home Wi‑Fi networks, citing survey findings that most households have not changed their router administrator password.

The guidance targets common risks created by connected devices in the home, including televisions, laptops, tablets, phones, games consoles, smart thermostats and video doorbells. These devices often share the same network as personal computers and smartphones, which can store login credentials and personal data.

The guide opens by advising users to change the default router username and password. It cites research from Broadband Genie showing that more than 86% of respondents had never changed their router administrator password.

Home routers often ship with default credentials printed on labels or included in documentation. Those details can circulate online, particularly for older models. Changing administrator access details reduces the risk of someone accessing the router's control panel and changing security settings.

A spokesperson said the guide responds to everyday habits around home connectivity and the growing number of smart devices.

"Home Wi‑Fi networks are something we all take for granted, but do we do enough to protect them from hackers? Once they get into a home Wi‑Fi network, they can spy on homeowners, steal login details and personal data, and upload malware. Our guide is designed to provide vital extra protection from hackers in the simplest and most effective ways," the spokesperson said.

Connected Devices

The second step focuses on identifying who and what is using the network. Everywhen says only 25% of people check which devices are connected to their home network. Many routers show a list of connected devices on an administrator page. Unrecognised connections can indicate a compromised password, a misconfigured device, or an unauthorised guest.

The guide also advises against letting others join a home network casually. Once connected, a device may be able to see other devices and shared resources, depending on router and device settings.

It also recommends setting up a guest network for visitors. Many consumer routers support separate guest credentials with limited access to the main network, allowing households to share internet access without exposing other connected devices.

Network Visibility

Several steps address the Wi‑Fi network name, known as the SSID. The guide suggests turning off SSID broadcasting so the network does not appear in the list of available Wi‑Fi networks on nearby devices. While this will not stop a determined attacker, it can reduce casual discovery by people scanning for networks.

It also recommends changing the SSID name. Some network names include the router model or manufacturer, which can reveal information about the hardware and make it easier for attackers to target known weaknesses in specific models.

Another step urges homeowners to disable remote administration, which allows router settings to be changed without being connected to the home network. This can be a security risk if an attacker reaches the remote management interface and attempts to guess passwords or exploit software flaws.

Encryption And Updates

The guide advises enabling WPA3 encryption where available. WPA3 is a newer Wi‑Fi security standard than WPA2, improving protection during the initial connection between a device and the network and strengthening encryption used to protect wireless traffic.

Compatibility can be a constraint, as some older devices do not support WPA3. Households may need to check settings on routers and connected devices, or use mixed modes that allow both WPA2 and WPA3 connections.

Firmware updates are another part of the checklist. Router makers issue updates to fix security issues and improve stability. Many routers require manual updates through their administration interface, although some models can update automatically if the feature is enabled.

Physical Placement

The guide also touches on router placement. Routers often sit near an internet entry point, such as a phone socket or fibre termination point. Everywhen recommends moving the router to a more central location where practical, which can improve indoor coverage and reduce the chance of the network being intercepted from outside the property.

The final step suggests turning off Wi‑Fi during holidays or business trips to reduce the window of opportunity for opportunistic attacks while the network is unattended. The guide notes that households with smart devices requiring constant connectivity may need to keep their network active.