Change Your Router Password to Secure Your Home Network

Follow our instructions for setting a new router password: Internet Scambusters #919

You may practice password safety by using different ones for different sites and by updating them regularly. But that’s not enough.

The key to safety on your home network is to make it as inaccessible as possible by setting a new password on your router — the device that handles all your network connections, as we explain in this week’s issue.

We also have our usual weekly update on three of the latest Coronavirus scams.

Let’s get started…

Change Your Router Password to Secure Your Home Network

The pros keep telling us the days of passwords are almost done. They’re often easy to guess or steal, and they’re tough to remember.

But although we now have biometric alternatives — like facial recognition and fingerprint reading — these have sometimes turned out to be either unreliable or, in some people’s opinions, an invasion of privacy.

Even with biometrics, some programs and apps still require passwords for double checking you are who you say you are, or as an alternative if your device simply doesn’t recognize you.

Others are pieces of equipment like modems and routers that currently have no way of detecting biometrics. You still need a password to access them.

So most of us still use passwords, lots of them, as our main form of identification, meaning there are probably tens of billions of them in use around the world.

And yet we still haven’t learned how to safeguard them, giving them up to hackers, scammers and other types of crooks at the drop of a hat. In fact, in some respects, either we’re getting worse or the crooks are getting better at breaking into our PCs, home networks or online accounts.

For example, a new study by Internet security firm F-Secure showed that many people still fail to change default passwords that come with the smart devices in their homes. Often, these “secret” words are either “admin” or “default.”

But crooks have also discovered more obscure default terms used by DVRs and security cameras. Hacking into these devices is often the easiest way for them to take control of an entire home network and to plant malware around the setup.

So, instead of the guessable passwords most of us know about, a “honeypot” trap set up by F-Secure to lure the scammers found the most common guesses included device defaults like “vizxv” (well-known DVR default) and “1001chin” (used by some routers).

Furthermore, some consumers who do change the default passwords, often these use the same new one for multiple devices, making it easier than ever for the crooks to hack multiple devices.

How to Change a Network Router Password

But, worse than all of this is the fragile security of our routers, the gateway to our network.

Mostly, says F-Secure, hackers are trying to tie the computing resources on a home network into one of their giant botnets — robot networks used for spamming other people who “mining” for virtual currencies.

The firm is urging home users to act now to change any default passwords and even device names on networked equipment.

But, as many people will already have discovered, this isn’t always easy. For instance, do you know how to change the name and password of your router, which is usually the most vulnerable and valuable hacking target?

Don’t be embarrassed to say “no.” You’re probably in the majority because it isn’t always obvious how to do it. In most cases, you access your router’s settings through your Internet browser. But to do that, you must know the router’s IP address — that’s a unique sequence of four groups of numbers that usually start with “192.” Every device on your home network has its own IP address.

If you were wise enough to keep the manual for your router, this will tell you how to change its password. And if you didn’t, you can almost certainly find it on the maker’s website.

Beware, however, of using a site offering manuals for all types of devices. While most of them are legit, others will try to hide malware in the files you download. So, if you can’t get it from the maker’s site, ensure you check any such file with your security software.

If you’re just a little tech savvy, you can also find the router’s IP address in Windows by calling up a command prompt (press the “start” key and then type “cmd”). This will take you to a black screen with a cursor next to the name of your main user folder.

Just type in the word “ipconfig” and press “enter.” This will cause a stream of data to appear on screen and partway down you’ll find the IP address, which you can then key into your browser’s address line.

You can also use a network management app to identify the number.

(For information on how to access your router via an Apple Mac, see How to Change Your Wi-Fi Network’s Name and Password.)

However, if you change your router’s password, be warned that you will then have to “tell” it to all the devices that use it on your Wi-Fi network, like phones, laptops, alarm systems and so on — often a tedious process. But when you’re doing this, you should also use the opportunity to change the devices’ own passwords as well.

Tedious it may be, but changing your router’s password, and choosing a unique combination of letters, numbers and symbols, is probably the most effective way — along with good security software — of securing your home network.

Coronavirus Scams Update

Scammers are still hard at work, using the Covid-19 virus as a platform from which to steal from their victims.

The latest batch of Covid scams includes:

  • A huge increase in fake online sales of pets. The US Federal Trade Commission (FTC) says that in April, the total number of pet scams exceeded the number for the whole of the previous three months. Don’t buy a pet without seeing it in person, the agency says. Also, don’t wire money or use gift cards in payment — they can’t be traced. And beware of heavily discounted prices for what are normally expensive breeds.
  • Using innocent romance-seekers to send stolen stimulus payments and other grants abroad. Using online dating services, the scammers win the confidence of victims and then make up a story about needing to raise money for a family Covid sufferer. The scammer asks the victim if they can help by forwarding money that comes from supposed donors to help pay for treatment. The money the victim receives, however, is stolen from recipients of Coronavirus economic aid. Don’t get involved in this shady activity. You could end up behind bars.
  • Using the stolen identity of someone who is known by the scammer to be employed and then using that ID to claim unemployment benefit. The scammers may use the victim’s legitimate address and then try to divert the payment in some way. They also try to convince the IRS that the payment should come in the form of a prepaid debit card — because the use of these can be difficult to trace.

Please pass on these warnings to friends and family. Count on Scambusters to keep you in touch with all the latest Covid con tricks as well as your regular, weekly anti-scams report. Thank you.

Time to conclude for today — have a great week!