Strong Wi-Fi security with WPA3 encryption

A secure Wi-Fi network (or home network) is crucial to protecting your personal information and devices against unauthorized access and dangerous attacks. Our tip: Activate the secure encryption method WPA2 – or even better, the newest standard WPA3!

A padlock protects the Wi-Fi network

Protect your Wi-Fi network against unauthorized external access. © Deutsche Telekom/ iStock/maximmmmum/Marina Parfenova; Montage: Evelyn Ebert Meneses

If your Wi-Fi network is protected poorly, hackers can hijack your home network to commit crimes or abuse your personal information for fraudulent purposes. The attackers can then take control and connect to expensive premium services, monitor your internet traffic, and steal sensitive personal information. In a nutshell: An insecure Wi-Fi network can result in a total loss of control, making your home an easy target for malware infections or spyware from stalkers. And that’s not all: If your Wi-Fi network is insecure and is used for illegal activities, for example, you could be held liable as the owner of the network. So it’s really important to make sure your Wi-Fi network and its data have the best possible protection.

Wi-Fi security: Five threats from insecure Wi-Fi networks

  • Data leaks: An insecure Wi-Fi network can allow other users nearby to access to your network. As a result, your personal information, passwords, bank data, or private communications could end up in unauthorized hands.
  • Man-in-the-middle attacks: Inadequate Wi-Fi security gives attackers a way to insert themselves between your device and the network used. They can intercept your data traffic, manipulate it, and even inject malware.
  • Botnets: An insecure Wi-Fi network also makes your router vulnerable. Attackers can connect it with thousands of other hijacked devices and commit crimes with them – such as the notorious DDoS attacks on businesses, online retailers, and government authorities. 
  • Malware infections: When your device is infected with malware, this malware can steal data and cause other damage. Strong Wi-Fi security offers protection against this kind of attack.
  • Identity theft: The leaking of personal data can result in identity theft and financial damage.

9 tips for increasing your Wi-Fi security

1) Activate WPA2 or WPA3 encryption

To make your Wi-Fi more secure, you should use Wi-Fi networks that are protected by encryption protocols like WPA2 or the newest standard, WPA3. WPA stands for “Wi-Fi Protected Access” and is a security protocol that was developed to protect Wi-Fi networks. Its purpose is to prevent unauthorized access to wireless networks and guarantee the confidentiality of the transmitted data. WPA replaced the older WEP (Wired Equivalent Privacy) security standard, which was obsolete and no longer secure. There are many different versions of WPA and WPA2 is the most widespread version. WPA3 is the newest version and contains the latest improvements in Wi-Fi security and encryption. By configuring your router settings, you can ensure that a strong encryption standard like WPA2 or WPA3 is active. Important: The devices in your network must also support WPA2 or WPA3, but this isn’t true of all devices. In this case, an investment in new hardware will probably pay off. 

2) Use a very strong Wi-Fi password and change the standard admin password

Even the best encryption can be useless if a strong network key – that is, the password for the Wi-Fi connection – isn’t used. Like with other passwords, the strength of your network key, and thus your Wi-Fi security, depends on using a combination of different letters, numbers, and special characters, as well as it being long enough. Therefore, use a strong password, one that differs from your router password. Deutsche Telekom’s routers in the Speedport family are already programmed with a strong, custom password out of the box. However, many other Wi-Fi routers are shipped with a default password that is easy to guess. Therefore, be sure to change the password whenever you install a new router! 

3) Change the Wi-Fi network (SSID)

There are many reasons why you should change the default name (also called the SSID, Service Set Identifier) of your Wi-Fi network::

  • Wi-Fi security: You should give your Wi-Fi network a name that does not provide any clues about your internet provider or installed router. If they have information about the router model or provider, hackers can research known vulnerabilities on the internet and then exploit them. By changing the network name, you make it more difficult for potential attackers to identify your devices.
  • Avoid mix-ups: If you keep the default name, mix-ups might occur, especially if your neighbors use the same router model. Changing the name makes it easier to recognize your own network.
  • Simple identification: When you change the Wi-Fi network name, you can choose a name that you can identify easily. If you choose a descriptive name, then your guests will know which (guest) network they should use, for example. You should also think of your privacy, however, and not include any personal information in the network name – so avoid names that include references to your name or address. 
  • Better network administration: If you operate multiple Wi-Fi networks, changing the Wi-Fi network names will make it easier to administer them. You can assign one name to your private network, for example, and provide a separate Wi-Fi network to your guests under a different name. The network name may be public and transmitted/published by the router. Hiding network names does not increase Wi-Fi security. 

4) Configure guest Wi-Fi access

By configuring a special guest Wi-Fi network, you can give your guests secure internet access without giving them your private Wi-Fi identifier. A guest Wi-Fi network can be set up relatively easily and does not require complicated configuration. Deutsche Telekom’s routers generate a helpful QR code during setup, which guests can simply scan with their smartphones. As a result, they don’t have to enter any complex passwords. You can set up a Wi-Fi network for guests from the router menu or in the app, and you can even set an expiration date, so guest access ends at a defined date and time. 

5) Update your router firmware regularly

To improve the security of your Wi-Fi network, activate the automatic update feature for your router software. After all, a router is just another computer, but one with specific tasks. Like any computer, it requires software, which is called “firmware” in this case. If no automatic update feature is available, use the corresponding function in the router’s menu to check for firmware updates regularly and install them as soon as possible. Firmware updates often contain security improvements and should therefore be installed quickly.

6) Define MAC addresses in your router

Limit network access to known devices, such as computers and smartphones. Every device in a network has its own unique Media Access Control (MAC) address. Every router has an option to only allow connections with devices whose MAC addresses are defined in the router. If a different, unknown device whose MAC address is not defined in the router attempts to establish a connection, it is rejected automatically.

7) Be cautious with WPS

Be cautious when using WPS: WPS (Wi-Fi Protected Setup) is a convenient way to connect devices with a Wi-Fi network quickly. At the same time, however, WPS can also be used by third parties in an unsupervised moment, creating a security vulnerability. Deactivate WPS or only use it when you really need it.

8) Use a secure protocol for router administration

Make sure that the router administration interface is protected by the secure HTTPS protocol before making it accessible remotely or locally.

9) Check the open ports

Check whether there are any open ports on your router that are not needed. Close all ports that are not required for normal operation to reduce the number of potential attack vectors.

Frequently asked questions about Wi-Fi security

There is no such thing as absolute security in public Wi-Fi networks, but here are a few tips for making it safer:

  • Use a secure connection (HTTPS):
    Make sure that you visit websites that support the secure connection protocol (HTTPS). HTTPS encrypts data transmitted between your device and the website, making it more difficult to intercept information.
  • VPN (Virtual Private Network):
    Using a VPN can increase the protection of Wi-Fi connections by encrypting and anonymizing your data. This makes it more difficult for third parties to spy on activities in your network.
  • Avoid public networks:
    Whenever possible, avoid connecting to public Wi-Fi networks when performing sensitive activities, such as online banking. Instead, use a personal hotspot or a secure network.
  • Update your software:
    Always install the latest versions of your operating system, browser, and all security software, to make sure you’re protected by the latest security updates.
  • Use selected public networks:
    Only connect to trusted, official public Wi-Fi networks. Cybercriminals can set up fake hotspots to intercept your personal information.
  • Deactivate auto-join:
    Deactivate the auto-join function for Wi-Fi networks on your device. Manual connections will give you more control and prevent your device from connecting to dangerous networks without your knowledge.
  • Avoid using public computers:
    Avoid using public computers in Wi-Fi hotspots, especially if you have to enter confidential information. These computers might be infected with malware.

There are several signs that could indicate unauthorized use of your Wi-Fi network. Here are a few of them:

  • Unusually slow internet speeds:
    If you notice that your internet connection suddenly becomes much slower than usual, this might be an indication that someone else is using your bandwidth.
  • Unknown devices in the network overview:
    Check the list of connected devices in the settings of your Wi-Fi router. If you notice unknown devices, this could be a sign of unauthorized access.
  • Unaccountable activities in your router log:Review the log of your Wi-Fi router to find out which devices have accessed your network. Check whether there are any activities from unknown devices.
  • Sudden increase in data usage:If the data usage of your internet connection seems inexplicably high, this could be a sign that your Wi-Fi network is not secure and is being used by others.
  • Problems connecting to the network:
    If you encounter problems trying to connect with your own network, this could be a sign that someone else is trying to dominate the network..
  • Unusual online activities:
    Monitor your online activities for anomalies, for example, unknown devices logging on to your online accounts.

How to make your router safe

Six important tips to protect your router.