Wi-Fi security has evolved in recent years to the extent that most modern routers are set up to be secure. Gone are the days where hackers (or pretty much anyone, in fact) would be able to connect to your Wi-Fi without even needing a password. Plus, Wi-Fi has adopted new encryptions methods and routers generally have built-in firewalls and security measures used to protect you from malicious attacks.
But what if someone wanted to hack your Wi-Fi, or you want to get online but all the Wi-Fi networks around you have that annoying padlock symbol? Here we’ll explain how to go about protecting your own network as well as ways you can try to gain access to a ‘locked’ Wi-Fi network.
How to hack Wi-Fi
The truth is you can hack Wi-Fi, but without extreme patience and knowledge, it’s impossible. In fact, even for a professional hacker that’s well trained in hacking encrypted devices, it takes a huge amount of time, skill and dedication. Even after hacking the Wi-Fi password there might be limited information available, due to your computer’s or mobile device’s own anti-virus, firewall and even encryption.
In essence, the effort and knowledge needed to hack a Wi-Fi connection often doesn’t make it worthwhile for you or a hacker who’s unlikely to try and break into your home router at 34 Acacia Avenue.
Since you probably searched for ‘How to Hack Wi-Fi’ to find this article, you’ve probably already seen the fraudulent sites that offer you software that supposedly cracks any Wi-Fi code.
These software programs are often riddled with malware and have tracking cookies within them to monitor your installation and use of the program. We highly recommend not downloading any such program, let alone performing an illegal act by attempting to hack someone’s Wi-Fi connection!
If you decide to ignore this excellent advice, then you’ll probably be running a Linux distro from a USB flash drive to avoid dodgy software downloads destroying your Windows installation and using tools such as Aircrack-ng to try and brute-force a network.
But as we said, this is neither easy nor quick. You’ll have to be able to use the command line and have plenty of time to spare: such tools take hours before they return a password.
So if you’re stuck somewhere with no free public Wi-Fi and want some free internet, you’re probably not going to have enough time to crack the password of any of the networks around you.
What if I just forgot a Wi-Fi password?
Ah, well we have good news: you might be able to use the command prompt in Windows to get it back. This assumes you’re using a laptop or tablet that was previously connected to the network in question, but are being asked for the password again.
In this case, fire up CMD.exe, but do so by right-clicking on the program and choosing Run as Administrator.
netsh wlan show profile
This will show a list of all the networks that Windows has connected to (and for which you haven’t clicked ‘Forget network’).
netsh wlan show profile name=”network_name” key=clear
Obviously, replace network_name with the exact SSID (Wi-Fi network name) you identified from the list, and you must make sure you type it exactly (or copy and paste it if you have Windows 10).
In the resulting text that appears look under Security Settings for Key Content – this is the stored password for that network. If the password hasn’t been updated, then you can copy and paste it when attempting to connect to the network again.
On a mac you can achieve the same thing using Terminal by typing:
security find-generic-password -wa network_name
Again, replace network_name with the exact SSID.
Reset the router
If you can physically access the router, you should be able to find the default SSID and password on a label somewhere. This can be a cunning way to connect to a network without asking anyone. But if they’ve changed it from the default, you’ll have to reset the router to factory settings.
If there’s no label, but you can see a make and model, check the RouterPasswords website for the details. This won’t work for some modern routers, especially those from ISPs, since each one comes with a unique Wi-Fi password.
How can I protect my Wi-Fi from hackers?
Just in case there’s a really dedicated hacker in your local area, there are still a few steps you can take that will make their hacking very tiresome.
First and foremost, disable WPS. What is WPS? Itstands for Wi-Fi Protected Setup, which was created to make Wi-Fi connections simpler and easier. Sounds great at first, until you realise that it creates an easier entry point for hackers. Since it uses an eight-digit PIN it’s even easier to hack through brute-force techniques. This is where those dodgy programs come in: they repeatedly attempt at guessing the PIN, just like deciphering a numerical padlock.
The easiest way to know if you’ve got WPS enabled is to look on your router or the box it came with, as it often has a distinct logo and a physical button located on your router to quickly access WPS. If you’re still unsure, you can go into your router settings, which is usually accessed by typing 192.168.1.1 or 192.168.0.1 (or other, depending on your ISP and router’s manufacturer) in your URL address bar and logging into your router’s admin panel.
The problem with WPS is that it’s often enabled by default by router manufacturers, so it is good practice to disable it, especially if you don’t think you’ll ever use it.
Change the admin password
As you’ve now logged into your router’s settings, you’ll also be able to see an option to change the router’s admin login details. We recommend changing this, as it’s simple to do so and protects you from anyone wanting to mess with your router’s settings.
Many routers (though not usually those which are provided by your ISP) come with a generic username and password, typically ‘admin’ and ‘password’. Changing this will mean it will become a lot harder and near impossible to hack into your router’s admin panel.
Wi-Fi security standards explained: WEP, WPA, WPA2
As we’ve said, modern routers usually have Wi-Fi security (a password) enabled by default. However, a password isn’t simply a password. Wi-Fi can use different standards for encryption. As you’ll be able to see within your router settings for Wi-Fi, there are various different letters and numbers that might look like gibberish to you, so we’ll explain how safe they are.
First of all, the overarching encryption methods WEP, AES and TKIP.
- Wired Equivalent Privacy (WEP) was the norm back in 1997, when the original 802.11 Wi-Fi standard was introduced. This is now deemed insecure and was subsequently replaced in 2003 by WPA through the TKIP encryption method. Therefore, if your router has the option or has it selected by default, you should change it to WPA (TKIP) or WPA2 (AES) immediately.
- Temporal Key Integrity Protocol (TKIP) is also being phased out, but unlike WEP is still seen in most modern routers.
- Advanced Encryption Standard (AES) was introduced shortly after TKIP, as the new and improved WPA2 standard, in 2004. This is the encryption you should be using with WPA2.
These are the most common encryptions and alongside their security modes, are the ones found in most routers nowadays. There are other methods of encryption and other routers that might house enterprise-grade encryption, but when it comes to consumer-grade Wi-Fi, these are the most common ones you’ll find. Put simply: use WPA2 (AES) if you can. Bear in mind that your Wi-Fi devices will also need to support this in order to talk to your router. Most do, but some older kit might not.
Alright, what’s WPA? We’ve told you that WPA2 is the most secure and you should always aim for that. Thankfully nowadays router manufacturers choose WPA2 by default; this also includes ISP providers such as TalkTalk, BT, Sky and Virgin among the others who provide routers to customers. In fact, many use a combination of WPA2 and WPA simultaneously to ensure compatibility with the widest range of wireless kit.
You’ll also quickly see that you’ve got an option (sometimes by default) that has ‘-PSK’ and you’re wondering what that means. PSK or Pre-Shared-Key (also seen as Personal Shared Key), is the authentication that was developed for home users, where plain-English encryptions can be used. This is where enterprise-level authentication differs, where it uses a Remote Authentication Dial-In User Service (RADIUS) to secure its connections.
If you’re offered the choice – you may not be – then choose WPA2-PSK (AES) rather than WPA2-PSK (TKIP).
If you find a device can no longer connect, this is where WPA2-PSK (TKIP/AES) comes in handy, as it uses the newer WPA2 encryption, whilst enabling older devices that might be stuck with TKIP to connect to your router. You may find it listed as WPA2-PSK (mixed mode).
Why is my internet slow?
This might seem odd to include in an article that talks about security, but you might be surprised that WPA and TKIP support only 54Mbps rather than the higher 802.11n rate of 300Mbps (and higher with 802.11ac) when using WPA and AES. Imagine this as a motorway lane, where data has to go from London to Birmingham on the M40. Through WPA and TKIP there’s only one lane that transfers all your data, meaning a lot of traffic and a six-hour drive. With WPA and AES you’ve got a four-lane motorway and the journey time is only a three-hour drive away.
Therefore, if you’re experiencing slow Wi-Fi, your router security methods could very well be the reason why you can’t load up PC Advisor fast enough. This is yet another reason to stay away from WPA and TKIP. In the WPA2-PSK (mixed mode) / WPA2-PSK (TKIP/AES) mode, your router will automatically detect which encryption to use, depending on which phone, tablet or other wireless device you have, which most of the time will have the ability to work with AES. Read next: How to improve Wi-Fi in the home.