Router Security Router Passwords Website by     
Michael Horowitz 
Home Site Index Bugs News Security Checklist Tests DNS Resources Stats Search Popular Pages
See my new website:

The Router Password: The First thing to change

Update April 26, 2017: This page assumes there is a web interface for the router. Web interfaces may be on the way out, at least in routers targeted at consumers such as Eero and Google Wifi. From what I have seen of these relatively new consumer-focused routers that are managed by a mobile app, the security is weaker. Anyone with access to the mobile device can use the mobile app, no router password needed. Ugh.

The first thing to do when upgrading the security of an existing router is to change the router password. This may also be the hardest step for non-techies as they often don't know the current password. Heck, they may not even know that the router has a userid/password. If this applies to you, contact your ISP. This web site may have tons of tips about making your router more secure, but it all depends on knowing the router userid/password so that you can logon to the router and make changes.

The most important thing about a router password is that it not be the default out-of-the-box password. It does not need to be a long string of random characters. On the other hand don't use a word in the dictionary either. A word and a number (Seattle2009) or two words (redtulips) should be sufficient as long as remote administration is not enabled. If remote administration is enabled, then the password should be at least 14 characters long and not be as simple as two words in the dictionary.

Funny aside: perhaps my favorite router security story. Back in Feb. 2014 Brian Krebs was writing about some of the many flaws in routers when he threw in this:

"Here's a ... frustrating example, and one that I discovered on my own just this past weekend: I helped someone set up a ... ASUS RT-N66U ... router, and ... made sure to change the default router credentials ... ... my password was fairly long. However, ASUS's stock firmware didn't tell me that it had truncated the password at 16 characters .... when I went to log in to the device later it would not let me in ... Only by working backwards on the 25-character passphrase I'd chosen - eliminating one letter at a time ... did I discover that the login page would give an "unauthorized" response if I entered anything more than that the first 16 characters of the password."

That's really everything you need to know about consumer routers right there. Depending on how you count, it took 4 or 5 mistakes to get to that point.

Once in possession of the router userid/password, then log in to the router using either the tried and true method, a web browser, or the more recent approach, a mobile app. If using a web browser, the router vendor may have a reserved name for the router, see the Introduction page for examples of this. If not, then enter
where is the IP address of the router. If you don't know the IP address, the good news is that every device on the network does. I blogged about how to Find the IP address of your home router back in September 2013. The article covers Windows XP, 7, 8 and 10, iOS 5, 6, 7, 8, 9 and 10, OS X Snow Leopard and Yosemite, Android 2.x, 4.x, 5.x and 6.x, and Chrome OS.

Sign in to the router and change the password. The specifics of how this is done differs on every router. You just have to hunt for the password reset option. It may be in an administrative section.

While many, if not most, routers have a single password, some have more than one because they support more than one userid. The most common case is that a router will allow for two userids, one that has full administrative powers and one that is read-only. If your router has a read-only user, be sure to change the password for that user too.

Then too, at the top of the scale, are routers that let you change not only the passwords but also the userids. Rather than logging in to the router as user "admin", you can log in as user "MickeyMouse." This is a great security feature and if your router lets you change the userid, you should take advantage of it. Routers that allow you to change the userid include the Pepwave Surf SOHO, the TP-LINK TL-WR841N and the Asus RT-AC66U.

Few of us are well organized. With that in mind, I suggest writing down the routers IP address, userid and password on a piece of paper and taping it to the router, face down. Or, tape it next to the router so as not to block any ventilation holes. The point being, to have it at the ready when needed in a place that couldn't be easier to remember. You may also want to write down the WiFi password(s).

FYI: How do I change the admin password on my NETGEAR router? Article ID: 20026. As of Oct. 27, 2016 it was Last Updated October 18, 2016.

This page was last updated: May 5, 2019 10PM CT     
Created: June 3, 2015
Viewed 18,057 times since June 3, 2015
(9/day over 1,945 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Copyright 2015 - 2020