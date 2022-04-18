Directly from the device list. Blocking the MAC address.

However, regardless of which of these two modes we choose, we must compare the MAC addresses of unknown devices with those we have at home before banning or blocking. If we don’t do this, we could accidentally lock an important device in our home. In this aspect, we must take our time, go one by one, and if we block one by mistake, return access.

What to do if you detect an intruder

In the event that neighbors steal your Wi-Fi, it is best to block them using one of the options that we discussed in the previous section. On the other hand, if we want the intruder to stop using our Wi-Fi immediately, it is best to disconnect the router from its power source or press the power button if it has one. Then the best option would be to turn off the Wi-Fi of our router, connect by network cable and start with change router password.

Then to configure the router while temporarily preventing Internet access we can:

Disconnect the RJ-11 telephone cable if we have an ADSL router. Turn off the fiber optic ONT if it is not integrated in the router.

In the event that we have come this far, that implies that we are going to have to make a series of changes to prevent neighbors from stealing your Wi-Fi. However, even if everything is fine from time to time, it is advisable to do a security review of our connection and make a series of changes.

Check WiFi encryption and change the key

A very important point is that we must not have an open Wi-Fi network that allows people to connect without a password. The reason is that if someone does something illegal online from our connection it can bring us legal problems, although in the investigation it will be possible to verify that we have not really been, but that they have accessed our WiFi router. However, the most important part is that it can also compromise the security of our data and equipment.

Change the SSID or name of our Wi-Fi network it will not prevent you from trying again, you will have to check the wireless MAC address (BSSID) and connect again, so it is not a valid solution. We could also consider hiding the SSID but it has the inconvenience that some device may not be able to connect, in addition, as soon as a device connects, it could very easily find out what the new SSID is and establish the connection manually.

As for the name of the WiFi network, it is advisable to choose a generic one, easy to remember and similar to that of the operators to go unnoticed. If our router is dual-band and has two SSIDs, we must change both.

As for encryption, WEP and WPA should be discarded, since they are currently considered insecure. In that aspect it is advisable to use WPA2 Personal at least that uses a system of PSK keys or pre-shared keys. WPA2 currently only allows AES to be used.. The reason is that vulnerabilities have been found in TKIP and it is no longer part of the standard. All “newer” routers incorporate WPA2 in its AES form only, not allowing TKIP to be chosen at all.

However if it is available it is better to opt for the recent WPA3 or an option that combines WPA2 with WPA3 to provide compatibility. A very important detail is that if we choose WPA2 and WPA3, a possible attacker will be able to carry out a “downgrade” attack with the aim that the WiFi client connects with WPA2 instead of WPA3, and allow all the usual attacks to this type of encryption.

On the other hand, especially when there are intruders and periodically it is convenient to change the password of the Wi-Fi network. In this aspect, we must worry about choosing a secure password that must have the following characteristics:

It must have a minimum length of 12 characters.

It must contain uppercase, lowercase, numbers, and special symbols such as @.

Once our new Wi-Fi key is set, we must apply the changes, and if necessary, we must restart the router. Then it’s time to put that password back on our smartphones, tablets, game consoles, Smart TVs, smart plugs and other Wi-Fi connected devices. Obviously, keep that new password private and share it with as few people as possible. You must remember that current routers have guest WiFi networks that are isolated from the main WiFi network, so our communications will be safe.

Disable WPS

Using a good, modern encryption standard can keep us away from cybercriminals and also prevents your neighbors from stealing your Wi-Fi and spying on you. However, there are still more risks that can compromise the security of our Wi-Fi network.

For that reason, you have to disable the WPS (Wi-Fi Protected Setup) as it is also insecure and could provide a point of attack for a cyber criminal. Although it is true that it makes Wi-Fi configuration easier by not having to type complex passwords, it should also be noted that having it active is dangerous, especially if you use the PIN code method as many routers do.

Disable guest WiFi network if not in use

Some Wi-Fi routers support guest accounts that are isolated from your main local area network (LAN), use an alternate password, and may be subject to other restrictions. If Wi-Fi is being stolen from us through a guest account, we must log in to the configuration interface of our router and deactivate it. Regardless of this, if we do not use the guest WiFi networkFor security it is best to disable it.

Finally, to prevent neighbors from stealing your Wi-Fi, it is best not to give it to anyone, remember that we are ultimately responsible for our connection. If we offer it to someone, it has to be a person we absolutely trust because otherwise it could end up in the hands of other neighbors.