What’s the status of your Wi-Fi password? I wager that if I surveyed most people I know, I’d find two groups split right down the middle: people who never bothered to change theirs, and people who changed theirs to something painfully easy or funny. Then, there’s a handful of people who try to beat possible networking issues by staying on top of their Wi-Fi passwords.
The thing with Wi-Fi passwords is that they’re often underestimated in the sense that we don’t even keep track of what’s happened to ours. Meanwhile, it’s probably been shared with dozens of devices, given to guests, and never thought about again.
But a bad Wi-Fi password is absolutely worth fixing, and the sooner, the better.
One password, too many devices
Your Wi-Fi password has probably been around for far too long
Your Wi-Fi password is different from most passwords in a super basic way: it doesn’t just protect one account. It protects your entire network.
It’s the thing that lets every device in your home get on the network (hopefully every device apart from the ones that shouldn’t be on Wi-Fi). Your phone, laptop, console, printer, security camera, and a bunch of other electronics probably connect via Wi-Fi, and they all know your password.
Over time, that password just spreads and spreads.
It’s not just you, either. Think of all the people, or rather their devices, who might have had access to it at one point. Friends, family members, neighbors, guests, contractors, and more. They definitely don’t remember it by now (unless you made it extremely funny), but their devices might still remember. Think of it like this: Do you go and delete every single Wi-Fi network from your phone as soon as you leave that place?
So, yeah, your Wi-Fi password is probably more exposed than you’d think. And while I’m not implying that everyone in your life is trying to hack you, I’m simply trying to say that you shouldn’t grow complacent and let the same Wi-Fi password live forever.
QuizVLANs and home Wi-Fi security techniques
Trivia challenge
Think you know how to lock down your home network? Test your skills on VLANs, firewalls, and beyond.
VLANsWi-Fi SecurityNetworkingEncryptionBest Practices
What does VLAN stand for?
Correct! VLAN stands for Virtual Local Area Network. It allows you to segment a physical network into multiple logical networks, improving both security and traffic management without needing separate physical hardware.
Not quite — the answer is Virtual Local Area Network. VLANs are a foundational concept in network segmentation, letting you logically separate devices even when they share the same physical switches or access points.
What is the primary security benefit of placing IoT devices on a separate VLAN in a home network?
Exactly right! Isolating IoT devices on their own VLAN means that if a smart bulb or thermostat is compromised, attackers cannot easily pivot to your laptops or NAS drives. It creates a logical barrier between trust zones in your home.
The correct answer is network isolation. By placing IoT devices on a separate VLAN, you contain any potential breach to that segment. A hacked smart TV, for example, would have no path to your personal files or banking sessions on the main network.
Which Wi-Fi security protocol is currently considered the most secure for home networks?
Correct! WPA3 is the latest and most secure Wi-Fi security protocol. It introduced Simultaneous Authentication of Equals (SAE), which protects against offline dictionary attacks and improves forward secrecy compared to WPA2.
The correct answer is WPA3. While WPA2 is still widely used and reasonably secure, WPA3 offers stronger protections including resistance to brute-force attacks and better security on open networks via Opportunistic Wireless Encryption (OWE).
What is a ‘guest network’ feature on a home router primarily designed to do?
Spot on! A guest network creates a separate Wi-Fi segment so that visitors can access the internet without being able to see or interact with your main devices like printers, NAS drives, or smart home hubs. It is a simple but effective security layer.
The right answer is isolation. Guest networks keep visitor devices in their own bubble, preventing them from accidentally — or intentionally — accessing your private files, smart home devices, or other networked equipment on your main LAN.
What is MAC address filtering, and what is its main limitation as a security measure?
Well done! MAC address filtering lets you create an allowlist of devices that can join your network. However, MAC addresses are transmitted in plain text and can be easily spoofed by an attacker who sniffs the air for a valid address, making this a weak standalone defense.
The correct answer is that MAC filtering allows only pre-approved hardware addresses but can be bypassed via spoofing. Because MAC addresses are visible in unencrypted Wi-Fi frames, a determined attacker can clone a legitimate device’s address and gain access.
In VLAN terminology, what is a ‘trunk port’?
Correct! A trunk port carries traffic from multiple VLANs over a single physical link by tagging frames with VLAN IDs, typically using the 802.1Q standard. This is essential when connecting managed switches or access points that need to serve several VLANs at once.
The right answer is that a trunk port carries multiple VLANs using 802.1Q tagging. Without trunk ports, you would need a separate physical cable for every VLAN, which would be impractical. Tagging lets one cable do the work of many by labeling each frame with its VLAN ID.
What does enabling DNS over HTTPS (DoH) on your home network help protect against?
Exactly! DNS over HTTPS encrypts your DNS queries so that your ISP, router, or anyone monitoring local traffic cannot easily see which domain names you are resolving. Without it, DNS lookups travel in plain text, leaking your browsing habits even if the sites themselves use HTTPS.
The correct answer is privacy from DNS snooping. Traditional DNS queries are unencrypted, meaning anyone on the same network — or your ISP — can log every domain you visit. DoH wraps those queries in HTTPS encryption, making passive surveillance significantly harder.
Which of the following is the best reason to disable WPS (Wi-Fi Protected Setup) on your home router?
Correct! The WPS PIN method uses an 8-digit PIN that is effectively split into two 4-digit halves, reducing the attack surface to just 11,000 combinations. Tools like Reaver can crack WPS PINs in hours, handing an attacker your full Wi-Fi password. Disabling WPS removes this risk entirely.
The real reason to disable WPS is its well-documented vulnerability to brute-force attacks. The WPS PIN can be cracked in a matter of hours using freely available tools, giving attackers your actual Wi-Fi passphrase. It is one of the easiest wins in home network hardening.
Your Score
/ 8
Thanks for playing!
The passwords people actually use are still terrible
Breach reports keep telling the same story
The problem with Wi-Fi passwords is twofold. One: people often just don’t change them, which means their passwords may be something super basic. Even if it’s not, you’d still want to change it to not use the password that came with your router, anyway.
Two: If they do change them, the passwords still end up being so basic.
Every year, password breach reports tell the exact same story. It’s always the same kinds of passwords that keep showing up, even though it’s been said so many times that they’re just plain bad.
That matters for Wi-Fi, even though most of these reports are based on leaked account credentials rather than router passwords. The habits are the same. If people are still using passwords like “1234567890,” “admin,” “password,” “qwerty,” “abc123, “Welcome123,” or “P@ssword123” for accounts that hold personal data, it’s not a stretch to assume some of those same patterns apply to home networks, too.
The very nature of Wi-Fi makes this whole thing worse. No one wants to type a super complicated password with a TV remote, which is why more often than not, home networks are relatively unprotected with bad passwords.
9/10
- Brand
-
Unifi
- Range
-
1,750 square feet
If you invest your money in a top-quality router, this UniFi Dream Router 7 is a fantastic pick, with NVR capabilities, managed switching, a built-in firewall, VLANs, and more.
Your router has two passwords, and they’re both important
Don’t forget to consider both
What a lot of people don’t think about is the fact that your router actually has two important passwords. The Wi-Fi password is the one you use to connect devices to the network, but the router admin password is the one that lets you change your router’s settings. That’s where you change the network name, update the Wi-Fi password, enable or disable features, and generally control what your router’s up to.
Both of those passwords need to be unique and 100% strong, but for slightly different reasons.
A bad Wi-Fi password can let people get onto your network, while a bad router admin password can let someone mess with the network itself.
Your fiber internet is fast, but your home network probably isn’t
WPA3 helps, but it’s not a magic wand
You still need a decent password
WPA3 is the current Wi-Fi security standard, and it’s the setting that controls how your router encrypts and protects your wireless network. You’ll usually find it on the router admin page, tucked away under something like Wireless, Wi-Fi, Security, or Authentication.
From there, look for the security mode and switch it to WPA3-Personal if your router and devices support it.
If you only see WPA2/WPA3-Personal, that’s a mixed mode that keeps older devices connected while still letting newer ones use WPA3.
It’s worth turning it on if you have it, but WPA3 is not a replacement for a good password. Older devices may not support it, and some routers will still default to WPA2 or mixed mode for compatibility.
A better password should be long and not funny at all
The best Wi-Fi password isn’t an inside joke shared by your entire household (or, worse yet, friend group). It’s also not the easiest one to say out loud. Unfortunately, the best Wi-Fi password is the one that makes you sigh as you recite it to your friend who wants to connect to your network while they’re staying over. Treat this as a PSA to go change your Wi-Fi password.
- Supported standards
-
802.11.be, 802.11ac, 802.11ax, 802.11g, 802.11n
- Speeds
-
6500 Megabits Per Second