Router Security | Choosing an SSID |
Website by Michael Horowitz |
The SSID (Service Set IDentifier) is the name of a wireless network. If a router can create more than one network, then each can have its own name/SSID. Whether each should have its own name is a debatable issue, but not a security one.
You should change the default SSID(s), for a couple reasons, one technical one not.
Using a default or common SSID, can make it easier for bad guys to crack the WPA2 encryption. The network name is part of the encryption algorithm, and password cracking dictionaries (rainbow tables) include common SSIDs. Thus, a popular SSID makes the hacker’s job easier.
On a totally different level, you don't appear to be technically clueless. Anyone who has not changed the default network name is immediately pegged as a non-techie whose defenses are likely to be poor. There might as well be a "hack me" sign on the network.
I have seen others argue that changing an SSID that has the vendor name in it is good for security, as it hides the company that made your router. It does not. The identity of the hardware vendor is advertised for the world to see in the MAC address that the router broadcasts. Even if you change a default SSID of "Linksys" to "Netgear", anyone with a Wi-Fi survey app such as WiFi Analyzer on Android can tell that the router was made by Linksys.
The network name you choose should not give away any personal information. I have relatives whose SSID is "The Smith Family" perhaps the worst possible name (their last name is not really Smith). If everyone knows you are a Boston Red Sox fan, don't use "redsoxfan" as your SSID. If you live in apartment 3G, name your network "Apartment5E". Don't make it easy for someone to target you.
In March 2022, I was told that someone ran across a Mercedes-Benz car that was broadcasting a Wi-Fi signal. The network name was the name of the car owner, followed by "Mercedes". It does not get any worse than that. Or does it? What if the Wi-Fi password was the license plate number?
In a tech support document, Recommended settings for Wi-Fi routers and access points Apple says to "Choose a name that's unique to your network and isn't shared by other nearby networks or other networks you are likely to encounter. If your router came with a default SSID it's especially important that you change it to a different, unique name ... If your SSID isn't unique, Wi-Fi devices [may] .. connect to other networks sharing the same SSID."
Apple is right in that you should chose a network name not used anywhere your portable Wi-Fi devices will go. But, to do so, you need a truly unique SSID, one not used by anyone else in the world. I don't think that's a good idea, as it makes it too easy for bad guys and spies to find you. For example, if the SSID is truly unique you are at risk when one of your wireless devices broadcasts the SSID while its looking to connect. Someone could look up your home SSID at wigle.net and find out where you live.
I suggest a happy medium. And, yes many WiFi devices opt for ease-of-use over security, and thus connect to scam networks with the same SSID as one you have seen before. The defense against this is keep WiFi off when not in use.
As a starting point for choosing a name, think of race horse names and combine two or three words.
Use common sense in choosing a network name. In May 2016, some jerk on a Qantas flight out of Melbourne Australia named their network "Mobile Detonation Device." The pilot wouldn't take off until the network was identified. Some passengers were scared and left the plane, which eventually took off three hours late. |
Assuming no one at the location of the router is named Harvey, then you may want to call your network HarveyNet. If you create a Guest network, it could be HarveyNetGuest. This is simple, easy to remember and gives away no personal information.
The maximum length of a WiFi network name is 32 bytes/characters.
SSIDs are case sensitive, thus "abc" is treated as a different name than "aBc" and "aBC".
Special characters (spaces, periods, dashes, underscores etc) are allowed. Jumping out a 14th floor window is also allowed. Neither is a good idea.
Your router probably has an option to hide the SSID, usually a checkbox for whether or not to "broadcast" the name (it may also be called "network cloaking"). When enabled, it requires you type in the name of the network when connecting, rather than picking the network from a list of those detected nearby. Hiding the SSID has been called a security feature on the theory that bad guys can't hack into a network they can't see. But, the protection offered by not broadcasting the SSID is trivially easy to bypass. In my opinion, and the opinion of many experts, hiding the network name is not worth the operational hassle. Let the name be broadcast.
The best use of SSID hiding is as a litmus test. Any article that suggests doing so for security reasons is not worth reading. Much like MAC address filtering. For example, Consumer Reports magazine suggested hiding your SSID in a November 2016 article 66 Ways to Protect Your Privacy Right Now (item 48).
April 15, 2018: A reader raised an interesting question - what about a Wi-Fi network that is devoted to IoT devices? Since no people will be connecting to the network, there is no reason to broadcast the SSID. On the one hand, perhaps not broadcasting the SSID in this case would make the network a bit more secure. On the other hand, it might attract the attention of bad guys in the neighborhood who might think it was worth attacking the network specifically because the owner went to the trouble of hiding it.
There is yet another type of hiding, hiding your location. Both iOS and Android report the location of the Wi-Fi networks they find, back to the mother ship. On Android, Wi-Fi scanning apps are required to have Location Services enabled before they can even run. Google offers Android users a way out, append "_nomap" to the SSID. So, "redsoxfan" becomes "redsoxfan_nomap". Even if this works (I have not seen anyone test it), Apple devices are still mapping the location of every SSID they see.
Section added May 2024
Apple and Google know the physical location of all routers. This has been true for a long time. They do this by marrying the location of phones learned from GPS and the signal strength of other nearby routers. On Android, there is a reason that you can not scan for nearby Wi-Fi networks until you enable the Location feature.
In May 2024 a report was issued about how easy it to abuse the known router locations in Apple's database. This is one article that covered this: How Apple Wi-Fi Positioning System can be abused to track people around the globe by Thomas Claburn for The Register (May 23, 2024). Note that the WPS referred to in the article (Wi-Fi Positioning System) is not the same WPS that is referred to elsewhere on this website.
I mention this here because both Apple and Google offer a way to keep your Wi-Fi networks out of their Location database - include the string "_nomap" at the end of the SSID. If a router creates more than one SSID, then to keep your privacy, you would have to do this at the end of every SSID created by the router. Google has offered this option for many years. Apple just added this after they were embarrassed by the recent study.
Is the really necessary? For a home router, it is debatable. However there are two cases where I would suggest adding the "_nomap" string to the SSID(s)
Some suggestions from this Parade Magazine article, 150 Funny WiFi Names That Make Getting Online 10X More Fun (October 2022): Thou Shalt Not Covet Thy Neighbor’s Wifi, Formerly Known as Prints, Wi-Fight the Inevitable, 404 Network Unavailable, Lord of the Ping, Who What When Where WiFi and Password is Gullible.
The maximum length of an SSID is, technically, 32 bytes, rather than 32 characters. The difference can be seen with Unicode characters that consist of more than one byte (a byte is 8 bits). With some fudging, you can create a network name that consists of emojis. See this October 2014 Ars Technica article for more: Scare your neighbors with a spooky Halloween network name. This is pushing the envelope though as some devices prevent non-Latin characters in the SSID.
More funny SSIDs were here (NOTE: as of Jan. 2021 these articles have been removed): Stay off my LAN! Our top WiFi names from August 2015. This includes "Mum, click here for Internet" and "Lord of the Pings". Also, some neighbors take out their anger with "You're music is annoying" and "QUIT STEALING MY PAPER". The article was such a hit, that part two followed in October 2015: Our top WiFi names, part 2. The new list includes my personal favorite "searching....".
From Oct. 2016 on Reddit: What is the best Wi-Fi name you have ever seen? This has some goodies: 'TellMyWiFiLoveHer', 'C:/virus.exe', 'The PromisedLAN', 'ThisLANIsYourLAN', 'No internet connection available', 'DropItLikeItsHotSpot', 'AbrahamLinksys' and, at a YMCA, this: 'The Y-Fi'. It also has a new contender for my favorite: 'ThisIsNotTheWifiConnectionYoureLookingFor'. No, Obi-Wan, I suppose it isn't.
From NPR's All Tech Considered in Feb. 2017, we have Using A Wi-Fi Network's Name To Broadcast A Political Message. Quoting: "President Trump's supporters and opponents have expanded their battlefield even to the choice of their own Wi-Fi names - identifying their networks according to what they think of the president. Examples range from the F-word followed by Trump's name to the acronym 'MAGA Wi-Fi,' which stands for Make America Great Again Wi-Fi."
Everyone Is Trying to Outdo Each Other With Cute Wi-Fi Names New York Times September 13, 2017. Quoting: "Network names have gone from being boring digit chains to another opportunity for personalization, like vanity plates or monogrammed towels." The article describes people who choose names that say something about themselves, their business or their home. Not a good idea.
An April 2018 tweet by Heidi N Moore called out "This LAN is My LAN" and "This LAN is Your LAN" (seen before from Reddit, above) which prompted responses with other humorous SSIDs: "The Dark SSID of the Force", "Wu-Tang LAN", "LAN before time", and "Getyourownwifi".
Some from a May 2018 article at qz.com are: Lan Solo, LAN Before Time, Bill Wi the Science Fi, Winona Router, Chance the Router, Silence of the LANS, and, perhaps the best of the lot, seen in Australia - the LAN down under.
October 2019 on Reddit: What’s the best Wi-Fi name you’ve seen? asked by KatieB_Erickson. The funniest might be the first one. There is a store in the UK called Central Entertainment Exchange, typically known as CEX. Their staff SSID is ProtectedCEX, their public SSID is UnprotectedCEX. More parental issues: "Mom this one". More names to keep people away: "Offline", "None" and "Searching…". Finally, "Wrong", so that when you connect it says "you've connected to the wrong network".
The Best Funny Wi-Fi Names for Your New Router by Andrew Heinzman (Dec 25, 2021). Forty of the author's favorites. From his list, I like "Password Is Gullible" and a couple Cisco puns: "Captain Cisco" (for Star Trek fans) and "Cisco Inferno" (for anyone who rembers the disco dance craze).
150 Funny WiFi Names That Make Getting Online 10X More Fun by Maryn Liles (Feb 8, 2022). A lot of repeat names. Some of my favorites: "Close Your Bathroom Curtains", "Saved a Bunch of Money by Switching to GEICO", "Thou Shalt Not Covet Thy Neighbors Wifi", "One if by LAN…" and "Thats What She SSID".
- - - - - - -
Interesting story: Old Bay Seasoning Tracked Down This Woman Because of Her Wi-Fi Network's Name (August 2019). A Brooklyn woman set up her Wi-Fi network, named it "oldbayseasoning," and never thought of it again. Five years later, the company started looking for her.