How many Wi-Fi signals are there in your immediate vicinity? If you live on a terrace, you might see ten individual SSIDs. How about an apartment block? Wi-Fi signals are broadcast throughout the building, both in and out. In fact, there is a good chance your internet speed is being negatively affected by this cacophony of wireless signals.

There is another issue here, too. If your Wi-Fi SSID is being broadcast to the surrounding houses and your security is lackluster, there is a chance your internet is being stolen. Here's how you lock them out.

Check Your Wi-Fi Router for Intruders

Your first port of call is your router. If a neighbor is stealing your precious bandwidth, their activity will appear in your router. Unfortunately, not every router contains or grants access to this information.

Log in to your router by typing its IP address directly into your browser. For the vast majority of routers, this is achieved by typing either 192.168.0.1, 192.168.1.1, or 192.168.1.254. Your Wi-FI router IP address is sometimes printed on the router itself, along with the username and password needed to log in.

Once logged in, search for a section called Attached Devices or Device List. This section appears under Status > Wireless on a router flashed with DD-WRT. Once you find the page, check the connected devices. I've posted the current wireless connections to my own router below. I can account for every device.

bt router showing wifi connections on home network

If you cannot, you've got an intruder. There should be an option to remove, delete, or block the device from connecting to your router.

Change the Default Admin Password

Your router comes with a default admin username and password, and this should be one of the first things you change.

Numerous websites allow you to search for default login credentials by router model. This is clearly a risk, so change the admin password via your router's web page. Create a password just like you would for any other account, by which we mean a strong and unique password.

Check Your Wi-Fi Router Security Settings

If you're still unsure if someone is stealing your Wi-Fi, it's time to take a closer look at your Wi-Fi router settings. Although most routers are configured toward security out of the box, don't assume it has the best security configuration available. For example, you only have to look at the use of a default password in the previous section. Now, that default password is meant to make things easier, but it's also a vulnerability, so it's worth checking your router security settings.

Use WPA2 or WPA3

You must absolutely use WPA2 or WPA3 encryption to protect your password. If you're currently using WEP, stop right now! WEP is the oldest, least-secure way to protect your Wi-Fi. WEP is the least effective form of password encryption: it's very easy to crack and will only keep out the most casual of casual users.

Depending on the age of your router, it will support the much stronger WPA2 security standard or even WPA3, which is even stronger. While neither WPA2 nor WPA3 are perfect, they will protect your Wi-Fi from theft, so it's worth learning how to change the Wi-Fi passwords on your router.

Hide Your SSID

This might help protect against Wi-Fi theft in a dense concentration of network signals. Your SSID—the name of your Wi-Fi network—will not be broadcast to the surrounding area. However, anyone can use freely available hacking tools to reveal it immediately, which somewhat negates its use against someone determined to steal your Wi-FI. Alternatively, rename your SSID to something terrifying.

Turn Off WPS

The Wi-Fi Protected Setup (WPS) is another potential vulnerability that can be exploited to gain access to your internet. WPS is susceptible to an online brute-force attack when using a PIN to validate new connections. The issue stems from how the PIN is processed.

The PIN is an eight-digit number. When a new computer attempts to access the connection using a PIN, it is checked for validity... in two halves. Cutting the number in half drastically reduces the number of guesses needed to recover the PIN. This is further reduced since the second half of the PIN only has three active digits, reducing the number of combinations to 1,000.

When a new computer attempts to access the connection, a PIN is created. The PIN consists of eight digits. The validation process checks the first and second halves of the PIN as separate entities. Furthermore, the second half has only three active digits. Consequently, the first four digits have 10,000 combinations, and the second (reduced) three digits have 1,000, resulting in a miserly 11,000 potential PIN combinations.

The tool originally created to exploit this vulnerability was sold for a cool $1.5 million. Since then, the Reaver exploit has become widespread. Kali Linux users will be familiar with Bully, another WPS-hack tool included with the security-focused Linux distribution.

Switching WPS off is one of the fastest ways to boost your Wi-Fi security.

Passphrase vs. Password

How is your memory? Remembering a stack of strong, unique passwords is extremely difficult. I can remember exactly four on a really good day, and probably after a strong coffee. Luckily, your device will remember your password. All you have to do is change it to something memorable and remember that a password becomes stronger with each unique character. The difficulty of remembering so many unique passwords is the main reason people use a password manager.

Consider, though, an alternative: a passphrase. A passphrase is as it sounds. Instead of combining a really difficult-to-remember set of characters, you can create a much longer passphrase in its place. A passphrase has infinitely more characters and can still include a few misnomers to throw off a potential hacker.

xkcd cartoon detailing passphrase entropy
Image Credit: XKCD

Monitor Your Wi-Fi Network For Intruders

Keeping a close eye on your Wi-Fi network is a simple process using your smartphone. There are several ways you can check your Wi-Fi network for suspicious devices, but we suggest Fing, a free app available for both iOS and Android.

fing network checker app home
fing network checker app network devices
fing network checker app network items tab
fing network checker app security tab with scanning options

Download: Fing for iOS | Android (Both Free)

Fing lists each device currently connected to the same Wi-Fi network as you and displays a handy range of information. In addition, you can add specific information relating to your devices to keep track of them. There are also options to analyze your network, Wi-Fi security tips, and more.

Misnomer: MAC Address Filtering

Your laptop, your phone, your tablet, and even your router has a unique MAC address. It can be used to identify specific gadgets throughout your home, as well as the device of a neighbor piggybacking on your internet. MAC filtering is easy to set up.

Unfortunately, it is trivially easy to change or spoof a MAC address. You could identify the specific MAC address used by your neighbor, and block it, only to find them back online.

example mac address

The spoofing is an issue, too. If they can connect to your Wi-Fi, there is a chance they've noted the MAC addresses of your devices. This would render a proactive whitelist approach somewhat useless, as the Wi-Fi thief could spoof the MAC of a whitelisted device.

Finally, each time you want to connect a new device to your network, you'll have to find the MAC address and add it to the filtering system.

Lock Down Your Wi-Fi Network!

In all seriousness, the biggest and easiest thing you can do right now is to ensure you're using WPA2 or WPA3 with a strong, unique Wi-Fi password or passphrase. If someone is looking to steal your internet, they're highly likely to be deterred by this combination.