What is the best choice for wireless security?

Wireless networking is everywhere. Pretty amazing when you realize that ten years ago it wasn’t anywhere. Wi-Fi is so commonplace that it’s impossible to think of a home or office without it. Yet, many of these systems are set up and forgotten, never upgraded and that means possible security risks. By their nature, Wi-Fi networks are more secure than cellular networks because they don’t extend very far, but that doesn’t stop someone in the house or apartment next door from hacking in. Many passwords are pretty weak and the security protocols that were originally set aren’t strong enough.

You should use a strong password, which honestly most of us don’t do unless we have to. Strong passwords are usually long strings of letters and numbers that are just painful to enter. But come on, don’t just use the name of your dog or your favorite sports team. Give the hackers a little challenge at least. Changing common vowels out for letters or punctuation is a common enough trick that it’s pretty useless. At the very least, choose a phrase that’s deliberately spelled wrong or out of order.

In order to really get the best result though, you’ll need to be using the latest security. If your router is on the older side, it may not support anything but WEP security, but that method was cracked so long ago that you may as well be using nothing. The current method is WPA2, at least for now. WPA3 is right around the corner, though. If you’re not using WPA2, you should be, and if your router doesn’t support WPA2, consider upgrading your router. Any of your hardware made after 2008 should support it. Most routers you can buy today will support WPA3, although it may be up to a year before you see that upgradeability. Older routers should be replaced after WPA3 comes out.

The lure of “Mixed Mode”

If you haven’t looked at your networking setup in a while, it may be out of date. You may have set the security to “WPA/WPA2 Mixed” in order to use older devices. This is a trap — all it does it set your system to the lowest possible form of security. If you really need your network set up this way in order for it to work, you need to find the device that still requires WPA (not WPA2) and replace it.

Personal? Enterprise? AEP? TKIP?

You may have seen several choices for security depending on your router. The best choice is WPA2-AES, WPA2 Enterprise, or WPA2 Professional. TKIP is considered obsolete and it’s already been “cracked.” AES, which stands for Advanced Encryption System, is a pretty complex affair that while far from uncrackable, would take such a long time that it would become pretty obvious someone was trying to get in. That will change of course with faster computers, but for now it’s the state of the art.

Guest Networks? Use with care.

You may consider creating a guest network for your friends to use. That’s a good idea but don’t forget that you’ll need to put some serious security there too. Most people put up a guest network with little or no security, so that it’s easier to grant access to friends. The wall between your guest network and your regular home network is pretty strong, but if you’re using a consumer-level router, it’s not impenetrable. And never, ever, ever, put any of your regular equipment on a guest network.

Remember, it really is your digital life on the line here. An attacker who gets your passwords could seize all your money, learn everything about you, steal your identity or worse… post on Facebook as you!

About the Author

Stuart Sweet
Stuart Sweet is the editor-in-chief of The Solid Signal Blog and a "master plumber" at Signal Group, LLC. He is the author of over 8,000 articles and longform tutorials including many posted here. Reach him by clicking on "Contact the Editor" at the bottom of this page.