Why is the default router password a security risk?

Default router passwords are published in manufacturer manuals and online databases. Anyone who knows your router model can look up the default credentials and access your admin panel, either from your local network or remotely if remote management is enabled. A 2023 Broadband Genie survey found that 86% of home users never changed their default router password. Once an attacker has admin access, they can change DNS settings, monitor traffic, add port forwarding rules, or install persistent backdoors in the firmware.

How does a compromised home router affect remote work security?

A compromised router sits between your work laptop and everything it connects to, including your corporate VPN. If an attacker controls your router, they can intercept DNS queries before the VPN tunnel activates, redirect you to phishing pages that mimic your company's login portals, and log the IP addresses and domains your work device communicates with. Even with a VPN, the initial DNS resolution and connection handshake may pass through the compromised router. Securing your home router is the first step in protecting any corporate data that touches your home network.

Home Router Security

Find out who else is on your home network.

What Is Home Router Security?

Your home router handles every packet of data between your devices and the internet. If someone compromises it, they can see your traffic, redirect your DNS queries, and intercept credentials you send over the network. Most home routers ship with default admin passwords that are published online. A 2023 Broadband Genie survey found that 86% of users had never changed their router's admin password, and 72% had never updated the firmware. This exercise starts with a common scenario. Your internet slows down, and you log into your router's admin panel to check what's happening. You find devices on your network that you don't recognize. The simulation walks you through identifying each connected device, determining which ones belong there, and removing the ones that don't. From there, you change the default admin password, disable WPS (which has known brute-force vulnerabilities), enable WPA3 encryption, and update the firmware to close security holes the manufacturer already patched. The exercise also covers DNS hijacking, where an attacker changes your router's DNS settings to redirect you to phishing pages even when you type the correct URL. You will learn to verify your DNS settings and recognize the signs that your router has been tampered with.

What You'll Learn in Home Router Security

Access your home router's admin panel and change the default administrator password to a strong, unique credential
Identify all devices connected to your home network and remove unauthorized or unknown connections
Update router firmware to the latest version and enable automatic update checks where available
Configure WPA3 encryption and disable insecure features like WPS that expose your network to brute-force attacks
Verify your router's DNS settings to detect and prevent DNS hijacking attempts that redirect traffic to malicious sites

Home Router Security — Training Steps

Working From Home

Today started like any other day - a cup of coffee, a few emails to catch up on, and a client report to finalize. But something isn't right with your internet connection.
Something Feels Off

Pages are taking forever to load, emails are slow to send, and a video call with a colleague kept freezing and dropping. Alice opens an online speed test tool and runs a fresh measurement to see what is happening.
Connection Problems

The results are alarming. Alice's ping is 347ms - it should be under 30ms for a normal connection. Her download speed is just 2.1 Mbps, a fraction of the 100 Mbps she pays for. Something is seriously wrong with her network.
Quick Check

Before investigating further, consider what might be happening on Alice's network.
Inspecting the Router

Alice suspects her home router might be the issue. Before accessing the admin panel, she needs the login credentials. Most routers have a sticker on the device with the default username and password.
Accessing the Admin Panel

Alice found the default credentials: admin / admin. She opens her browser and navigates to 192.168.1.1 - the router's admin panel address.
Logging In

The router login page appears. Alice uses the default credentials she found on the router label: admin / admin. Using default credentials is a major security risk - anyone who knows them can access and reconfigure the router.
The Dashboard

Alice is in the router's admin panel. The dashboard immediately reveals several problems: 8 connected devices - Alice only has 3 personal devices Encryption: Disabled - the WiFi network is completely open Firmware v2.1.3 - possibly outdated Eight connected devices when she only owns three? That explains the slow internet.
Unknown Connections

The Connected Devices page confirms Alice's suspicion. She can only identify 3 devices as her own: Alice's Laptop (her work machine) Alice's iPhone (her phone) Living Room TV (her smart TV) The remaining 5 devices are completely unknown - names like 'android-7f2a', 'DESKTOP-X9K2M', and 'unknown' suggest strangers are connected to her network.
Quick Check

Before taking action, think about the best approach to handle the unauthorized devices.

What Is Home Router Security?

What You'll Learn in Home Router Security

Home Router Security — Training Steps

Working From Home

Something Feels Off

Connection Problems

Quick Check

Inspecting the Router

Accessing the Admin Panel

Logging In

The Dashboard

Unknown Connections

Quick Check