Is my wifi safe from hackers? Am i doing it right?

CourtneyCutieCourtneyCutie Member Posts: 3
Name Dropper First Comment

Need advice...


Best Answer

  • CrowgrandfatherCrowgrandfather Posts: 62
    5 Answers 25 Likes 10 Comments 5 Agrees
    Accepted Answer

    Here's my advice

    Turn off WPA. Use only WPA2. WPA is a legacy program with a lot of problems.

    Turn off TKIP only use AES. TKIP exists for old devices like Windows XP that don't support WPA2/AES. TKIP has the same vulnerabilities as WPA.

    Pretty much every device built in the last 15 years supports WPA2/AES so having WPA/TKIP enabled only makes your router easy to brute force.



  • KurtBojanglesKurtBojangles Member Posts: 1
    First Comment Photogenic
    WPA2-PSK with TKIP is a reasonably strong auth/encryption configuration.  Just make sure your password isn't something simple. Make it at least two unrelated words, interspersed with numbers and characters.
  • RobinRobin Administrator Posts: 2,073
    100 Answers 1000 Comments 250 Likes 25 Agrees
    Hi @CourtneyCutie

    There a few things that are best practices for a secure network.  
    1.  On a large number of routers, the Admin user ID and password are the default and right on the bottom of the router.  
    2. Some Guest & primary networks share the same password.  
    Every home grade router has these features. You can follow the below-mentioned steps for securing the network. 

    1.  Change the admin password to something with 11 characters or more. 11 characters as a base make it hard for password crack utilities to break.  Having more than 16 is even better.   
    2. Change the Guest network password or even turn it off when not in use. 

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
  • CourtneyCutieCourtneyCutie Member Posts: 3
    Name Dropper First Comment

    I don’t know which one to choose 🤷🏻‍♀️

    WPA2-PSK or WPA2-EAP?

  • CrowgrandfatherCrowgrandfather Member, Beta Tester Posts: 62
    5 Answers 25 Likes 10 Comments 5 Agrees

    You want WPA2-PSK.

    WPA2-EAP is for enterprise systems using a Radius server.

    The main difference is this:

    PSK has one password. The password is the same for everyone. If you know it you can access the WiFi.

    EAP uses a backend database to authenticate user (Radius). Each user has a unique username and password for the WiFi. EAP actually has some unique features you can set up like rotating passwords so each day is a different password, passwords that only work as certain times, 2FA for WiFi, etc. But again it requires a backend database.

  • Lee_BoLee_Bo Member Posts: 144
    100 Comments 100 Likes 25 Agrees 5 Awesomes
    I would add to make sure that auto blocking of new devices is enabled:

    I just blocked my MacBook Pro and once I did that, I couldn't even get to my Ubiquiti router.  So even if someone managed to connect to your network, they wouldn't be able to do anything.
  • CourtneyCutieCourtneyCutie Member Posts: 3
    Name Dropper First Comment
Sign In or Register to comment.