The modern world is so hooked up to online services that when guests come around, “How ya doing?” will probably be followed by “What’s your Wi-Fi password?” But the hospitable host probably doesn’t realize that revealing this information could pose a network security risk.
For example, guests might accidentally download a malicious program or connect an already infected phone or laptop to the network. Many pieces of malware are able to spread themselves over a local network, and if an infected device is connected to your Wi-Fi, it will try to contaminate everything in its range.
Why set up a guest Wi-Fi network?
It’s possible to be both hospitable and safe — by setting up guest Wi-Fi. A guest Wi-Fi network is essentially a separate access point on your router. All of your home devices are connected to one point and joined as a network, and the guest network is a different point that provides access to the Internet, but not to your home network. As the name suggests, it’s for guests to connect to.
A guest network is a win-win: Friends and acquaintances don’t lose touch with the outside world and your data isn’t compromised. Malware that somehow ended up on a guest’s smartphone will not be able to get into your family photo archive or other important files.
How to set up guest Wi-Fi
Configuring a separate guest network is easier than it sounds. For a start, there’s no need to lay an extra cable or pay your ISP twice. It’s more than likely that your Wi-Fi router will let you set up an additional network for guests — you just need to go into the settings and activate it. To do this, enter your router’s IP address in the URL bar of your browser (usually it’s 192.168.1.1 or 192.168.0.1, but not always). The address should be in the router’s user manual.
In the dialog box that opens, enter the administrator user name and password. If you never got around to changing them, they might be there in your ISP contract or again in the manual. To improve security, we recommend changing them, and so as not to forget them, use a password manager.
In the router settings, find Allow guest access or Guest network. It’s usually hidden away in the Wi-Fi section. If you have trouble finding it, check out the guide again or Google, using the model name of your router. If you have an old or low-end router model, the option to set up a guest network might not exist. But most reasonably modern routers have it.
Having selected the relevant check box, add the name of the guest network (called SSID in the control panel of some routers) — this is the name that your friends will see in the list of available connections.
In some routers, guest Wi-Fi access will immediately kick in; others might need extra tweaking. But in any event, even if the guest network is already active, we recommend that you make sure it’s correctly configured:
- Set a password for the new network. This can usually be done right away, under the network name. Now only those who know the password can access your guest connection.
- Set the encryption type so that information transmitted over Wi-Fi cannot be intercepted. From the available options, select WPA2 (WPA2-PSK or WPA2-Personal in some settings) — a reliable algorithm supported by all modern wireless devices.
- Make sure that the Allow guests to access local network resources (or similar) check box is cleared. There may be no such setting, but if there is, uncheck it so that guests won’t be able to see your files and other information stored on computers, which is essentially the whole point of a guest network. Some routers take the opposite tack, with a check box marked Isolate, which isolates the guest network from your local network. If you have that option, select it.
- Uncheck Allow access to settings (or similar), if such an option exists. If selected, this check box would let guest network users access router settings and reconfigure something there, including their own access permissions. That’s not what you need.
All set! You have now configured a guest Wi-Fi network that both provides secure Internet access and protects your local devices.
Why it’s better to connect IoT devices to a guest network
Incidentally, a guest Wi-Fi network is a good idea not only if you have lots of friends, but also if you have lots of home smart devices. Smart TVs, smart teapots, video game consoles, and the like also need an Internet connection. But they tend to be far more vulnerable than computers with the latest updates installed. That means that if they are connected to the main network and hacked, intruders can get into your other devices.
At the mention of smart devices, many experts say that it’s not that there’s a possibility they’ll be hacked — they’ll be hacked for sure. And whereas a smart light bulb becoming part of a botnet is manageable, a computer turning into a zombie isn’t. Among other things, botnets are used to spread various malware, and if your computer has been turned into a zombie, this malicious code basically has an open pass to its memory.
Connecting all IoT devices to a correctly configured guest network instead of the main network provides additional protection against such attacks. Even if cybercriminals hack one of the IoT devices, they will not be able to penetrate your main network and compromise the computers and smartphones in it.
Sure, a smart washing machine connected to the guest network could still become a member of a botnet and take part in DDoS attacks or cryptocurrency mining (that’s pretty much a standard risk of buying smart things). But in that case, your computer containing bank data and other sensitive information will remain safe.
One last tip before we sign off: Routers are in fact a typical target for botnet creators, so don’t forget to periodically update the firmware of your home router. The latest versions usually patch hackable vulnerabilities.