Why should you be worried about router security?
Your router is integral to the security of all its connected devices. If you have Wi-Fi in your house for laptops, phones, and even smart home devices, all your data is passing through a router. If the router is hacked, any data it handles could be exposed to cybercriminals and other bad actors.
You might assume that your router is just a Wi-Fi generator, but it does a lot more than that. Most routers have built-in parental controls, extra features and firewalls to ward off attacks and router malware, and data storage systems, including DNS caching.
When choosing a router, it’s important to find one that is secure, comes with useful safety features, and is made by a reputable manufacturer. Remember, not all routers offer the same levels of security.
Are all routers secure?
Some routers are not secure at all, while those that are vary in the level of safety and privacy they offer.
The best secure routers can still be vulnerable if they aren’t set up correctly. Using weak passwords, for example, could expose you to threats from hackers.
If you’re going to buy a new router, there are some key features you should look out for.
What makes a router secure?
Here are some of the things that you should expect to see in the best secure routers. A router doesn’t need to have all of these to be secure, but it should come with most of them.
- In-built security features. The best secure router should come with features to prevent DDoS attacks, parental controls, and the capacity to block access to risky websites.
- WPA3 certification. If a router is certified for WPA3, you’ll know that it comes with useful security functions like data encryption and protection against brute force attacks. At the very least, though, it must have WPA2 certification.
- VPN compatibility. A secure router should have the capacity to be configured to route data through a VPN server.
- Pre-configured VPN. Some routers come with a VPN already configured, protecting your traffic with powerful encryption as soon as you turn it on.
- Facilitates long passwords. Router security depends on a strong network security key, so it’s important that whatever router you choose allows you to use a password that is at least 10 characters long. If it only allows you to use a short pin, that’s a major flaw.
- Automatic firmware updates, or update notifications. The firmware on your router needs to be updated regularly. A good router should do this automatically, or notify you whenever updates are available.
As we’ve made clear, some routers come with extra security features, but do you really need them to stay safe?
How important are router security features?
Security features play a major role in keeping your router safe. Perhaps the most important features are those that encrypt data while in transit. Most routers have protocols that encrypt data, but some are stronger than others. We’ll discuss and compare protocols later in this article.
Some routers will also have pre-configured VPNs, or at least offer the possibility of VPN configuration. Both of these options result in high-security encryption and IP address protection.
Other factors beyond security features need to be considered, of course — speed, for example, and Wi-Fi 6 support — but protecting yourself against hackers should still be the priority.
With so many different routers available, it can be difficult to assess which one offers the right balance of security, speed, and affordability for your needs.
Want to read more like this?
Get the latest news and tips from NordVPN.
Main types of routers
Let’s take a look at the different types of routers you might be considering. It should be noted that we can’t effectively assess how secure these different models are, because their security will vary widely depending on the specific products and manufacturers. Where possible, however, we’ll highlight security strengths and weaknesses.
Wireless routers are probably the most common type of router currently available. A wireless router connects to an ethernet cable and then projects Wi-Fi throughout the surrounding area (a home or an office, for example). These routers aren’t inherently unsafe, but because they are so widely sold, the quality of their security systems vary across the market. If you’re picking a wireless Wi-Fi router, make sure to read up on the specific model and its features. Most wireless options also have ethernet ports to allow for wired connections.
Wired routers rely on ethernet cables, just like a wireless router. However, they don’t project Wi-Fi, and instead connect directly to a device using ethernet ports and a second cable. In the age of smart devices like laptops, smartphones, and tablets, this may not be a useful solution for most people, since wired routers force you to stay within a cable’s length of the ethernet socket. However, if you have a static desktop or a larger games console, this can be a great option, as they offer fast speeds and make great gaming routers.
The term “edge router” is applied to routers that connect corporate networks to the internet, or to other wide area networks. The typical definition of an edge router sounds confusingly similar to regular home routers — internet gateways linking networks of connected devices to wider networks (including the internet). However, if a product is sold under this moniker, it usually means the router comes with additional features intended for businesses, like extra security measures and user monitoring functions. While edge routers typically have robust in-built protections, they will usually be of more use to businesses than individuals.
Core routers are also used primarily by organizations and businesses. This term usually refers to a router that links multiple networks within one space. For example, a core router might direct the flow of data between different local networks in one building (in an office block with multiple local networks spread across different floors, for example). These routers are typically very fast, as they have to move large quantities of data rapidly from many different users at once.
A VPN (virtual private network) router can be wireless, wired, edge, or core: the thing that defines it is its pre-configured VPN. These routers are programmed to send and receive data through a VPN server. This means that multiple devices connected to it can enjoy the benefits of in-transit encryption. If you’re using a router like this, you’ll also be less at risk from DDoS attacks and doxxing, since your router’s IP address will always be shielded from the wider internet. A good VPN blocks internet security threats and enhances overall privacy.
The most common router security protocols
Whatever router you settle on, the security protocols it uses will ultimately decide how safe your data is.
WEP (Wired Equivalent Privacy)
WEP is a fairly basic router security protocol. Through this system, the router is able to encrypt the network traffic it handles, and limits access to those without a preset password.
WPA (Wi-Fi Protected Access)
WPA is effectively a more advanced evolution of WEP, with stronger encryption and built-in authentication support.
WPA2 (Wi-Fi Protected Access 2)
WPA2 is currently the most widely used router security protocol. It was built on WPA’s foundations, but provides each device on a wireless network with a unique encryption key.
WPA3 (Wi-Fi Protected Access 3)
WPA3 is probably the most advanced and secure protocol currently available. It does away with WPA2’s system (in which multiple users can use the same password to connect to a network), using temporary QR codes and even radio signal pings to authenticate devices instead.
To be better equipped, learn about all the differences between the WEP, WPA, WPA2, and WPA3 security protocols.
The most secure choice of router encryption type
The best Wi-Fi router is the one that offers the most security. If you can find a router that offers WPA3, that will be one of the most secure options available. WPA3 offers better security, more advanced authentication processes, and a safer experience overall.
If you can, you should make use of other security measures as well, configuring your router to use a VPN and protecting individual devices on your Wi-Fi network with VPN clients.
Of course, you might not be able to get a WPA3 router at the moment, so it’s important to take steps to make your WPA2 router as secure as possible. Even without the latest standard in protocols, you can still make your router more secure.
How to make your router more secure
Even if you’ve already bought a Wi-Fi router, there is still plenty you can do to enhance its security.
- Install updates regularly. Like any device, Wi-Fi routers need to be updated frequently with the latest security patches. This prevents their protection features from becoming outdated and makes them functional for longer.
- Use long passwords. The longer a password is, the more time it takes for a hacker to brute force it. A short password could take just a few seconds to crack, while one that is 10 or more characters might take years. If you were given a router by your internet service provider, make sure to change its default password to something stronger.
- Enable parental controls. Most routers come with systems that allow you to limit access to certain sites, based on keywords or blocklisted URLs. These can prevent children from accessing inappropriate content, and from accidentally exposing your network to malware.
- Configure your router with a VPN. By setting your router up to route data through a VPN server, you can protect every device that connects to the Wi-Fi too. Your router’s IP address will be protected, and data will be encrypted as it travels between your router and the VPN server.