The One Router Setting Everyone Should Change (But No One Does)

The vast majority of home Wi-Fi users don't know the first thing about keeping their routers secure, a new survey finds.

Creidt: Maxx-Studio/Shutterstock

Creidt: Maxx-Studio/Shutterstock

Eighty-two percent of 2,205 people surveyed said they had never changed their router's default administrative password. Similarly, 82 percent had never changed the default network name, 86 percent had never updated the router's firmware, 70 percent had never checked to see if any unknown devices were on their networks and 69 percent had never even changed the default Wi-Fi access password.

More than half the people surveyed — 51 percent — said they had never done any of these things, and 48 percent didn't understand why they would even need to.

MORE: Your Router's Security Stinks: Here's How to Fix It

We hate to sound like fussy schoolmarms, but doing each of these things is important, none more so than changing the default administrative password.

If you don't do at least that, then chances are very good that hackers using lists of default router passwords can dial into your router from afar, see what you're doing online, redirect your web traffic to malicious sites or draft your router into a botnet zombie army.

The survey was commissioned by the British website Broadband Genie, and the respondents were all residents of the United Kingdom. But let's not dismiss the results as applicable to only one country — American or Canadian broadband users aren't any smarter than their British counterparts.

When asked why they hadn't taken these basic steps, 34 percent of the respondents said they didn't know how, six percent said they couldn't understand the instructions and three percent said the software was confusing. And these were the 52 percent of respondents who at least knew they should do these things.

We can't completely blame the users for their ignorance, just as we can't expect every car owner to know how to change the oil or adjust the brakes. But at least most car owners know they should get a mechanic to do those things for them. By contrast, ISPs and router makers have clearly not done enough to educate their customers on the basics of router security.

Some newer routers don't expect their users to know all this -- they come with randomized administrative passwords or network names, or force you to change the default administrative password when you set a router up.

Many mesh routers automatically update their own firmware, which is also good, though it won't do much to protect you if the administrative password is still the factory default.

Boost Your Wi-Fi - Best Extenders

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Routers
The eero Pro 7 next to the eero Max 7 on a desk
Eero Pro 7 vs Eero Max 7: Which Wi-Fi 7-powered eero mesh system should you buy?
Eero Pro 7 sitting on counter
Eero Pro 7 review: Fast Wi-Fi 7 mesh speeds simplified
Netgear Orbi 873 on desk
Netgear Orbi 870 review: A great Wi-Fi 7 mesh kit for long range performance
TP-Link's Deco BE65-Outdoor Wi-Fi 7 mesh node mounted to a pole at CES 2025
TP-Link’s new outdoor mesh extender will give you true Wi-Fi 7 speeds right in your backyard
The MSI Roammii BE Lite dual-band mesh Wi-Fi 7 router on a table
Upgrading to Wi-Fi 7 is about to get more complicated — and these new routers are to blame
TP- Link Archer AX55 sitting on desk
This Chinese router company with 65% market share in the US could be banned — what you need to know
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 15 (#643)
iPhone 17 Pro render
iPhone 17 Ultra just tipped to replace Pro Max in new leak — with these key upgrades
RCS messaging on an iPhone
Forget green bubbles — iPhones will soon get encrypted RCS messaging to Androids
CAD renderings of the Google Pixel 10 Pro
Latest Google Pixel 10 leak could make you want to skip it altogether
Nintendo Switch 2
Nintendo Switch 2 — analysts say it will be massive hit even with price hike
Jason Sudeikis as Ted Lasso in Ted Lasso season 3
‘Ted Lasso’ season 4 is official — here’s what Jason Sudeikis revealed
  • david.oberry
    Don't forget turning off the bane of security existence...WPS
    Reply
  • Captain boomerang
    Costs by security experts are way too high when it comes to changing modem security settings. As far as doing it yourself it will always need an IT certiciate to understand the settings...Nothing is logical and every manual if it comes with a modem too confusing as designed to be so....
    Reply
  • Paul Wagenseil
    21011396 said:
    Costs by security experts are way too high when it comes to changing modem security settings. As far as doing it yourself it will always need an IT certiciate to understand the settings...Nothing is logical and every manual if it comes with a modem too confusing as designed to be so....

    Thanks, but this is about home wireless routers, not broadband modems.
    Reply