You've just installed a new router, connected all your devices, and suddenly discovered that your internet speed has dropped dramatically, and unfamiliar devices have appeared in the list of connected devices. Android-123456 or iPhone_UnknownSound familiar? Without a strong password, your Wi-Fi network becomes easy prey for neighbors, hackers, or even botnets that steal traffic for cryptocurrency mining or DDoS attacks.
According to data Kaspersky for 2026, 68% of home networks in Russia remain vulnerable due to weak passwords or outdated encryption protocols. 4 out of 5 users They don't even suspect their router has been hacked until they receive a bill for exceeding their data limit or encounter viruses on their connected devices. This article will not only help set a password for Wi-Fi, but also to choose optimal security settings, avoid common mistakes and check the network for leaks.
We will walk you through the process step by step for routers of different brands (TP-Link, ASUS, Keenetic, Xiaomi, MikroTik), we will explain the difference between WPA3 And WPA2We'll show you how to detect "unnecessary" devices on your network and provide a checklist for an annual security audit. Whether you're setting up a network for the first time or want to update old settings, you'll find up-to-date solutions for 2026 here.
1. Why Open Wi-Fi Is Dangerous: 5 Real Threats
Many users mistakenly believe that "nothing bad will happen" if they leave their network passwordless for "a couple of days." In reality, even a few hours without protection can lead to serious problems:
- 🕵️♂️ Identity theft. Through an unsecured network, attackers can intercept traffic (including social network passwords, bank details, correspondence) using tools like Wireshark or Ettercap.
- 🚨 Spread of viruses. Once connected to your network, a hacker can infect all devices (including smart bulbs and TVs) through protocol vulnerabilities.
UPnP. - 💸 Excess traffic. Neighbors or botnets may use your connection for downloading torrents, streaming in 4K, or mining, causing your ISP to block your internet for exceeding the limit.
- 📡 Router attacks. Obsolete models (D-Link DIR-300, Tenda N301) are vulnerable to exploits that allow complete control over the device.
- ⚖️ Legal liability. If illegal actions are committed through your IP (for example, downloading pirated content), proving your innocence will be extremely difficult.
In 2026, Roskomnadzor recorded a 120% increase in complaints about "foreign traffic" compared to 2026—in most cases, unsecured Wi-Fi networks were to blame. At the same time 73% of users They only found out about the hack after their internet provider blocked their internet connection.
⚠️ Attention: If you are using a router provided by your ISP (for example, Rostelecom or MTS), check if your security settings were reset to factory defaults after updating your firmware. Some carriers automatically disable the password when resetting.
2. Which encryption type should you choose: WPA3 vs. WPA2 vs. WEP
Before setting a password, you need to choose security protocol — this determines how secure your network will be. In 2026, three options are relevant:
| Protocol | Security level | Speed of work | Device support | When to use |
|---|---|---|---|---|
WPA3-Personal |
⭐⭐⭐⭐⭐ | High | Devices after 2019 | The optimal choice for the home |
WPA2-PSK (AES) |
⭐⭐⭐⭐ | Average | All devices | If you have old gadgets (before 2018) |
WPA/WPA2 Mixed |
⭐⭐⭐ | Low | All devices | Workaround for migrating to WPA3 |
WEP |
⭐ (hacked in 5 minutes) | Low | Obsolete devices | Never use! |
WPA3 — the most modern standard (adopted in 2018), which fixes vulnerabilities WPA2, for example, an attack KRACKHe uses individual traffic encryption for each device (even if the password is the same) and is protected from brute-force attacks thanks to the protocol SAE (Dragonfly).
However WPA3 do not support older devices (eg Samsung Galaxy S7, iPhone 6 or smart sockets Xiaomi 2017). If you have such gadgets in your network, you will have to use WPA2-PSK with encryption AES (Not TKIP!). Combined mode WPA/WPA2 Mixed less secure, but may be necessary for a smooth transition.
⚠️ Attention: If your router only offersWEPorWPA-TKIP, urgently update the firmware or replace the device. These protocols can be hacked in minutes using free tools like Aircrack-ng.
3. Step-by-step instructions: how to set a password for Wi-Fi
The setup process varies slightly depending on the router model, but the general process is the same. We'll cover the general process and then highlight the specifics for popular brands.
Step 1: Connect to the router
Connect your computer or phone to the router via cable (LAN) or via Wi-Fi (if the network is still open). To access the settings, you'll need:
- 🌐 Router IP address (usually
192.168.0.1,192.168.1.1or192.168.8.1). - 🔑 Login and password (by default often
admin/adminor indicated on the device sticker).
Step 2: Login to the Control Panel
Open your browser and enter your router's IP address in the address bar. If the page doesn't open:
- 🔌 Check the cable connection.
- 🔄 Reboot your router (using the button)
Resetfor 10 seconds). - 📱 Try a different browser or device.
☑️ Preparing to set up your router
Step 3: Find the Wireless Network section
Find the tab in the router menu Wi-Fi, Wireless or Wireless network. It is usually located in the main menu or section Network.
Step 4: Set security settings
In Wi-Fi settings:
- In the field
SSIDenter network name (better without personal data). - In the section
SecurityorProtectionselectWPA3-Personal(orWPA2-PSK, if there is no WPA3 support). - In the field
PasswordorPasswordCome up with a secure code (recommendations below). - Save settings (button
Save,ApplyorApply).
Step 5: Reconnect all devices
After changing the password, all devices will be disconnected from the network. Reconnect them by entering the new password.
Features for popular routers
The interface may vary depending on the model. Here are brief instructions for popular brands:
- 🔧 TP-Link: Chapter
Basic → Wireless. INWireless SecurityselectWPA/WPA2-Personal(even if there is WPA3, sometimes it is hidden in advanced settings). - 🔧 ASUS:
Wireless Network → General. OptionAuthentication method— chooseWPA3-Personal. - 🔧 Keenetic:
Wi-Fi → Hotspot. INProtectionplease indicateWPA3 with transition modefor compatibility. - 🔧 Xiaomi: In the mobile app Mi Wi-Fi go to
Wi-Fi Settings → Security.
⚠️ Attention: On routers Zyxel Keenetic and some models ASUS After updating the firmware, the encryption type may be reset WPA2-TKIPAlways check your settings after upgrading!
4. How to create a strong Wi-Fi password
Weak passwords are the leading cause of home network hacking, according to Positive Technologies, 89% of passwords It can be cracked in a day using brute-force attacks. Here are the rules for creating secure code:
- 🔐 Length: Minimum 12 characters (optimally 16+).
- 🎲 Complexity: A combination of uppercase and lowercase letters, numbers and symbols (
!@#$%^&*). - 🚫 What to avoid: Dates of birth, names, dictionary words, repeating characters (
1111,qwerty). - 🔄 Update: Change your password every 6 months.
Examples unreliable passwords:
12345678(hacked in 0.5 seconds)password(top worst passwords for 5 years in a row)Ivanov1985(personal data + simple combination)
Examples reliable passwords:
Tr0ub4dour&M4rvol0(phrase with letters replaced by symbols)C0ff33$h0p!L0v3(associative array + special characters)7H!5_P@$$w0rd_15_S@f3(long phrase with separators)
To avoid forgetting complex passwords, use managers like KeePass, 1Password or built into browsers. Never store your Wi-Fi password in plain text (for example, on a sticker on the router)!
5. How to check who is connected to your Wi-Fi
Even after setting a password, it's worth periodically checking the list of connected devices. This will help identify "unnecessary" gadgets or botnets. There are two ways to do this:
Method 1: Through the router control panel
Most routers have a section DHCP Clients, Connected Devices or Client list. The following are displayed there:
- 📱 IP address devices.
- 🔗 MAC address (unique identifier).
- 🕒 Connection time.
- 📶 Host name (if the device broadcasts it).
Unknown devices can be blocked by MAC address (in the section MAC Filter or MAC filter). However, this method does not provide 100% protection - MAC address easy to counterfeit.
Method 2: Using mobile apps
Convenient utilities for network analysis:
- 📱 Fing (iOS/Android) — shows all devices, scans ports for vulnerabilities.
- 📱 WiFi Guard (Android) - Notifies about new connections.
- 📱 NetScan (iOS) — creates a network map indicating device manufacturers.
If you find an unfamiliar device:
- Change your Wi-Fi password.
- Update your router firmware.
- Turn on
MAC address filtering(although this is not a panacea). - Check your router for viruses (for example, through Dr.Web CureIt!).
How to recognize a botnet in your network?
Botnets often disguise themselves as devices with random MAC addresses (e.g., 00:1A:2B:...) and generate large amounts of traffic on non-standard ports (e.g., 4444, 6667). If you notice such a device, immediately disconnect your internet connection and reset your router.
6. Additional security measures for Wi-Fi
A password is just the first step. To make your network truly secure, follow these recommendations:
1. Disable WPS
WPS (Wi-Fi Protected Setup) — a convenient feature for quickly connecting using a PIN code, but it contains a critical vulnerability. Hackers can guess your PIN in a few hours, even if you have a strong password. Always disable WPS in the router settings!
2. Change the default admin login/password
By default, many routers use admin/admin or admin/blank passwordChange this data to complex in the section System Tools or Administration.
3. Enable the guest network
If you have frequent guests, create a separate network with limited access:
- 🔄 Separate
SSID(For example,MyWiFi_Guest). - 🔒 Separate password.
- 🚫 Restricting access to the local network (settings)
AP Isolation).
4. Update your router firmware
Manufacturers regularly release updates to patch vulnerabilities. Check your firmware every three months in the section Firmware Upgrade or Software update.
5. Set up a firewall
Enable the built-in firewall (Firewall) and disable:
- 🔌
UPnP(vulnerable to external attacks). - 🌍
Remote control(if not needed). - 📤
Port Forwardingfor unnecessary ports.
6. Hide SSID: Is it worth it?
Many people advise hiding the network name (Hide SSID), but this false security. SSID is easy to find using Wireshark or Airodump-ng, and a hidden network creates inconvenience for legitimate users. It's better to spend time on a strong password and disabling WPS.
7. Common Wi-Fi Security Mistakes and How to Avoid Them
Even experienced users sometimes make mistakes that can ruin all their network security efforts. Here are the most common ones:
| Error | Consequences | How to fix |
|---|---|---|
Usage WEP or WPA-TKIP |
The network is hacked in minutes | Switch to WPA3 or WPA2-AES |
| Short password (less than 8 characters) | Brute force attack in 1–2 hours | Set a password of 12+ characters |
Included WPS |
Vulnerability to attack Pixie Dust | Disable in router settings |
| Standard admin login/password | A hacker gains complete control over a router. | Change to complex data |
| Lack of firmware updates | Exploits for older software versions | Enable automatic updates |
Another common mistake is Using one password for Wi-Fi and the router admin panelIf a hacker picks it up, he will gain access not only to the Internet, but also to all network settings, including DNS And Port Forwarding.
Also, many people forget about physical security router. If the device is in an accessible location (for example, in a building's hallway), an attacker can reset the settings using the button Reset and gain access to an unsecured network.
8. What to do if your Wi-Fi has already been hacked?
If you notice signs of hacking (unknown devices, slow internet, redirects to strange websites), follow this algorithm:
- Turn off the Internet. Pull out the cable
WANfrom the router or disconnect it from the power supply. - Reset settings. Click the button
Resetfor 10-15 seconds (usually it is recessed into the body and requires a paper clip). - Update the firmware. Download the latest version from the manufacturer's official website and install it manually.
- Please set up your network again. Install a new one
SSID, password and security protocol (WPA3). - Check the devices. Scan all gadgets with an antivirus (for example, Kaspersky Internet Security or Malwarebytes).
- Change your passwords. Update your email, social media, and banking passwords—they may have been compromised.
If after a reset the router behaves strangely (changes settings spontaneously, reboots), it may be infected malware (For example, VPNFilter or Mirai). In this case:
- 🛡️ Flash your router with alternative firmware (DD-WRT, OpenWRT).
- 🔧 Contact the manufacturer's support team—some models can only be cleaned at a service center.
- 🆘 If your router is outdated (for example, TP-Link TL-WR740N 2015), replace it with a new model that supports
WPA3.
⚠️ Attention: If your router has been hacked and you use it to access sensitive data (for example, remote access to a corporate network), report the incident to your company's information security team. Attackers may have intercepted your credentials.
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to set a Wi-Fi password without access to the router?
No. To change security settings, you need access to the router's control panel (via cable or over the current network). If you don't know the admin password, you'll have to reset the router to factory settings using the button. Reset.
What is the most secure router in 2026?
Based on test results AV-TEST (2026), best models for safety:
- ASUS RT-AX88U Pro (built-in AiProtection Pro, support
WPA3). - Netgear Nighthawk RAXE500 (hardware encryption acceleration).
- TP-Link Archer AX11000 (defense against attacks KRACK And Dragonblood).
- MikroTik RB5009 (flexible firewall settings, support
WireGuard).
Suitable for a budget option Keenetic Hero 4G or Xiaomi AX3000T.
What to do if you forgot your Wi-Fi password?
There are three ways:
- View the password in the router settings (section
Wireless Security). - On Windows: Open
Network Settings → Network and Sharing Center → Wireless Network → Properties → Securityand check the boxShow entered characters. - On Android: Use the app WiFi Password Viewer (root rights required).
If nothing helps, reset the router using the button Reset and set up the network again.
Is it possible to hack Wi-Fi with WPA3?
In theory, yes, but in practice, it's extremely difficult. Vulnerabilities WPA3 (For example, Dragonblood) require physical access to the network or specific conditions (for example, the use of SAE (in a non-standard configuration). For a home user, the risk is minimal if:
- The password is long and complex.
- The router firmware has been updated.
- Legacy protocols are disabled (
WPS,UPnP).
For comparison: WPA2 can be hacked in a few hours using Hashcat and mid-range video cards, and on WPA3 It will take weeks even with professional equipment.
How to secure Wi-Fi in an office or small business?
For a corporate network it is recommended:
- Use
WPA3-Enterprisewith authentication server (RADIUS). - Split the network into
VLANfor different departments. - Turn on
802.1Xfor additional testing of devices. - Install a router with support
IPS/IDS(For example, Ubiquiti UniFi or Palo Alto). - Keep a connection log and regularly audit the network.
A router is suitable for small businesses. TP-Link Omada or Zyxel Nebula with cloud management.