The One Router Setting Everyone Should Change (But No One Does)
The vast majority of home Wi-Fi users don't know the first thing about keeping their routers secure, a new survey finds.
Eighty-two percent of 2,205 people surveyed said they had never changed their router's default administrative password. Similarly, 82 percent had never changed the default network name, 86 percent had never updated the router's firmware, 70 percent had never checked to see if any unknown devices were on their networks and 69 percent had never even changed the default Wi-Fi access password.
More than half the people surveyed — 51 percent — said they had never done any of these things, and 48 percent didn't understand why they would even need to.
We hate to sound like fussy schoolmarms, but doing each of these things is important, none more so than changing the default administrative password.
If you don't do at least that, then chances are very good that hackers using lists of default router passwords can dial into your router from afar, see what you're doing online, redirect your web traffic to malicious sites or draft your router into a botnet zombie army.
The survey was commissioned by the British website Broadband Genie, and the respondents were all residents of the United Kingdom. But let's not dismiss the results as applicable to only one country — American or Canadian broadband users aren't any smarter than their British counterparts.
When asked why they hadn't taken these basic steps, 34 percent of the respondents said they didn't know how, six percent said they couldn't understand the instructions and three percent said the software was confusing. And these were the 52 percent of respondents who at least knew they should do these things.
We can't completely blame the users for their ignorance, just as we can't expect every car owner to know how to change the oil or adjust the brakes. But at least most car owners know they should get a mechanic to do those things for them. By contrast, ISPs and router makers have clearly not done enough to educate their customers on the basics of router security.
Some newer routers don't expect their users to know all this -- they come with randomized administrative passwords or network names, or force you to change the default administrative password when you set a router up.
Many mesh routers automatically update their own firmware, which is also good, though it won't do much to protect you if the administrative password is still the factory default.