Your home Wi-Fi may be vulnerable to hacker attacks, even if you've never noticed any problems. Old encryption protocols like WEP or WPA are easily hacked in a few minutes, and factory passwords like admin/admin become publicly available in a leak database. Updating your network security level isn't just a recommendation, but a necessity for protecting personal data, banking transactions, and smart devices in your home.
In this article you will find step-by-step instructions for routers from different manufacturers (TP-Link, ASUS, Keenetic, MikroTik), comparison of encryption protocols (from obsolete WPA-TKIP to modern WPA3-SAE), as well as hidden settings that are not mentioned in standard manuals. We'll look at how bypass provider restrictions on changing security types (relevant for subscribers with linked routers) and what to do if devices stop connecting after the changes.
Let us warn you right away: some parameters (for example, disabling WPS or change SSID) may require reconnecting all devices. But for security reasons, it's worth spending 20 minutes—it's cheaper than recovering from a hack.
Why Factory Wi-Fi Settings Are Dangerous
Router manufacturers often use standard combinations login/password (admin/password, user/user) and include legacy protocols for compatibility with older devices. Here are three key threats:
- 🔓 WEP encryption: hacked in 5-10 minutes using free utilities like Aircrack-ngEven a 128-bit key won't save you.
- 🕵️ WPS by default: Many routers leave a PIN code
00000000or generate it using an algorithm known to hackers. - 📡 Open ports: firmware vulnerabilities (eg. CVE-2026-1386 For TP-Link Archer) allow you to remotely control the router.
According to the study Kaspersky By 2026, 68% of home networks in Russia will use WPA2-PSK With passwords weaker than 8 characters, it's like locking a door with one turn of a key—a master key will do the job in seconds.
⚠️ Attention: If your router was provided by your ISP (for example, Rostelecom or MTS), some settings may be locked. In this case, you will need call back to support and request to unlock the security menu—refer to "the need to comply with Federal Law No. 152 on the protection of personal data."
What security protocols exist and which one should I choose?
Modern routers support up to five encryption types, but only two of them are relevant in 2026. Below is a comparison table with the pros and cons of each:
| Protocol | Level of protection | Compatibility | Network speed | Notes |
|---|---|---|---|---|
| WEP | 🔴 Very low | Legacy devices (before 2006) | Low (up to 54 Mbps) | Do not use! Hack in 5 minutes. |
| WPA (TKIP) | 🟡 Low | Devices 2006–2012 | Average (up to 300 Mbps) | Vulnerable to attacks KRACK. |
| WPA2-PSK (AES) | 🟢 Tall | All devices after 2012 | High (up to 1 Gbps) | The optimal choice for most. |
| WPA3-SAE | 🟢🟢 Maximum | Devices after 2019 | High (up to 2.4 Gbps) | Brute force protection, but may not be supported by older devices. |
| WPA2/WPA3 Mixed | 🟢 Tall | All devices | High | A compromise for networks with old and new devices. |
Optimal for 90% of users WPA2-PSK (AES) - it is compatible even with Smart TV 2015 and provides reliable protection. WPA3 It's only worth choosing if all your devices were released after 2019 (check the model specifications).
Step-by-step instructions: how to change the security type on your router
The procedure is the same for most models, but menu paths may vary. We'll cover the general method and highlight specific features for popular brands.
- Connect to your router via cable or Wi-Fi
Use
192.168.1.1or192.168.0.1(The address is indicated on the router sticker). The default login/password is usuallyadmin/adminoradmin/password. - Go to the wireless network section
Paths for different routers:
- TP-Link:
Wireless → Wireless Settings → Security - ASUS:
Wireless → General → Authentication Method - Keenetic:
Wi-Fi network → Security - MikroTik:
Wireless → Security Profiles
- TP-Link:
Optimal parameters:
Security Mode: WPA2-PSKEncryption: AES
Password: 12+ characters (Latin, numbers, special characters)
Button Save or Apply Usually at the bottom of the page. After a reboot (1-2 minutes), reconnect.
WPA2-PSK or WPA3 protocol selected|Password contains ≥12 characters|WPS is disabled|SSID does not contain personal information (e.g., last name)|Port 8080 is closed (for advanced users)
-->
If devices do not connect after changing the protocol, check:
- 📱 On your smartphone: Forget the network in your Wi-Fi settings and reconnect.
- 💻 On PC: Update your Wi-Fi adapter driver (relevant for Windows 10/11).
- 📺 On Smart TV: Reset network settings in the device menu.
⚠️ Attention: Some providers (eg Beeline) block changing the encryption type on rented routers. In this case, you will have to either buy your own router or use guest network with a separate password (settings in the section Guest Network).
How to bypass ISP restrictions on changing security settings
If your router is blocked by your ISP, there are three legal ways to improve security:
- Connect your router in bridge mode
Buy a separate router (for example, ASUS RT-AX55), connect it to the provider via the port
WAN, and set up your network with WPA3. The provider's router will remain in the modeBridge. - Use a guest network
Find it in your provider's router menu.
Guest Networkand set it up for her WPA2-PSK With a separate password. Leave the main network as is, but connect all your devices to the guest network. - Replace your router through support
Call your provider and ask them to replace the model with one that supports it. WPA3 (For example, Keenetic Ultra at Rostelecom). Cite the "need for smart home protection"—they often replace it for free.
If none of the options are suitable, you can temporarily improve your protection:
- 🔄 Change your password regularly (once every 3 months).
- 🚫 Disable WPS in the settings (section
Advanced → WPS). - 🕶️ Hide the SSID (option
Hide SSID), but remember: this is not protection, but camouflage.
What happens if I leave WPS enabled?
Hackers can crack your WPS PIN in 4-10 hours (depending on the router model), even if you have a strong Wi-Fi password. They can then access your router settings and change your DNS, redirecting your traffic to phishing sites. For example, when logging in Sberbank Online You will see a fake page that will steal your login and password.
How to create a strong Wi-Fi password
A weak password will ruin all your security efforts. Here are the rules for creating one: unhackable key:
- 🔑 Length ≥12 characters (optimally 16+).
- 🔤 Mix registers:
P@ssW0rdmore reliable thanpassword. - 🎲 Use the generator: For example, Bitwarden or KeePass.
- 🚫 Eliminate personal information: dates of birth, pet names, phone numbers.
Examples of strong passwords:
Tr0ub4dour&M4r3-Blue!(20 characters, mixed cases, special characters).7H3-Qu1ck-Br0wn-F0x(19 characters, easy to remember as a phrase).C0ff33-With-M1lk&Sug4r(20 characters, associative series).
Store your password in a manager (for example, 1Password or Google Password Manager) and update it quarterly. If you're worried about forgetting, write it down on paper and keep it in a safe place (but not on the router!).
Wi-Fi Security Check: Tools and Tests
After changing your settings, check how reliable your network is. Here are three free methods:
- Wi-Fi scanner for Android/iOS
Install WiFi Analyzer (Android) or Network Analyzer (iOS) and check:
- 🔍 Your network encryption type (must match the configured one).
- 📶 Neighbors' signal: if you see networks with WEP, do not connect to them.
Go to grc.com/shieldsup (from a computer connected to your Wi-Fi) and run the test ShieldsUP!It will show open ports and vulnerabilities.
Enter your password (not SSID!) on howsecureismypassword.net — the service will estimate how long it will take to brute force.
If tests show problems:
- 🔧 Update your router firmware (chapter
Administration → Firmware Upgrade). - 🔄 Change Wi-Fi channel (manually select 1, 6 or 11 for 2.4 GHz).
- 🛡️ Turn on the firewall (option
SPI Firewallin the settings).
⚠️ Attention: Router interfaces and login addresses may vary depending on the model and firmware version. If you can't find these sections, download the manual for your model from the manufacturer's official website (e.g., tp-link.com/support).
Common mistakes and how to avoid them
Even experienced users sometimes make mistakes when setting up security. Here are the top 5 mistakes and their solutions:
| Error | Consequences | How to fix |
|---|---|---|
| Usage TKIP instead of AES | Speed reduction to 54 Mbps, vulnerability to KRACK | In the encryption settings, select AES or CCMP |
| Password is too short (<8 characters) | Hacking in a few hours | Set a password of ≥12 characters with numbers and special characters |
| Included WPS | Vulnerability to attacks Pixie Dust | Disable WPS in the section Advanced → WPS |
| Open ports (80, 8080, 7547) | Remote control of a router by hackers | Close the ports in Firewall → Port Forwarding |
Usage admin as a login |
Easy access to the control panel | Change your login to a unique one. Administration → Management |
If the Internet is lost after the changes:
- Check if the settings have been reset PPPoE (for providers like Dom.ru).
- Make sure that DHCP included (section
LAN → DHCP Server). - Reset the router to factory settings (button
Resetfor 10 seconds) and set up again.
FAQ: Answers to Frequently Asked Questions
Can I use WPA3 if I have an older smartphone?
If your smartphone was released before 2019 (for example, iPhone 8 or Samsung Galaxy S8), it does not support WPA3In this case, select WPA2/WPA3 Mixed Mode — the router will automatically select a compatible protocol for each device.
How do I find out what security protocol my network uses?
On Windows: open Control Panel → Network and Sharing Center → Wireless Network Properties and look at the line "Security Type". Android install the application WiFi Analyzer and tap on your network. iOS This information is not displayed - use third-party utilities like AirPort Utility.
What should I do if my devices won't connect after changing the password?
First, check if you entered the new password correctly. If so, then:
- "Forget" the network on your device and reconnect.
- Update your Wi-Fi adapter driver (relevant for PC).
- Check if it is enabled on the router MAC filter (it can block new devices).
How to protect your Wi-Fi from neighbors who connect without permission?
In addition to changing the password and protocol:
- 🔄 Change the SSID to the non-obvious (do not use your last name or address).
- 📵 Disable WPS And UPnP (chapter
Advanced). - 🕵️ Enable MAC filtering (allow connection only to your devices).
- 📡 Reduce signal strength (option
Transmit Power), if the neighbors are physically far away.
Do I need to change my password if I already have WPA2?
Yes, if:
- Password is shorter than 12 characters.
- You gave it to guests or neighbors.
- More than a year has passed since the last shift.
- You suspect that someone is connecting without your knowledge (check the list of devices in
DHCP Client List).
Changing your password regularly (every 3-6 months) is a simple habit that will make life difficult for hackers.