Sharing your Wi-Fi doesn't mean giving up security
When family and friends come over, the first thing they inevitably want to do is connect their mobile devices to your home network, especially if they're staying for an extended visit. Picture a holiday like Thanksgiving. Your sister Suzy and her husband Jim both have mobile phones that get crummy service in your area, and their kids – your nieces and nephews – want to watch Netflix on their tablets. If you haven't configured your wireless router to accommodate visitors who want to tap into your home's Wi-Fi, then you have to choose between denying everyone access or sharing your main password.
Luckily there's another way. Every modern day router should have an option for sharing your Wi-Fi on a guest account with limited or restricted access to knobs and dials that visitors have no business playing with. We'll show you how to set this up, as well as make recommendations on how to secure your connection.
Setup a Guest Network
Setting up a guest account is rather easy. It starts with logging into your router, which is many cases involves opening your browser and navigating to 192.168.1.1. This can vary by router model and manufacturer, and since we can't read your mind or spy on your connection like the NSA, you'll have to refer to your router's user manual or look it up on Google, Bing, etc.
Once you've typed in the appropriate address, you should see a pop-up asking for a username and password. In most cases, a default username is Admin. Your password will be whatever you set when first configuring your router, or if you're setting it up for the first time, check the router for a label that has the default login information.
We'll assume this is all a piece of cake and you're able to log into your router. Once you're inside, look for a Guest Network option. Again, the location and steps to get there will vary by router. On most Asus routers, like the RT-AC68U we're using for this guide, you'll find the option in the left-hand column.
Turn on the Guest Network for either the 2.4GHz or 5GHz band, or for both. The 2.4GHz band is supported by more devices and is better at penetrating obstacles like walls and doors, whereas the 5GHz band will likely be less congested. It also offers more throughput, though this shouldn't be much of an issue for a friend or family member that's temporarily tapping into your network to surf the web.
Give the guest network a name and be sure to select a security protocol – we recommend WPA2 Personal. Select a password that isn't easy to guess, yet isn't so complex that it's going to take everyone dozens of tries to input correctly. Since this is a guest network with presumably limited access to the router's mission critical controls, you can be slightly less vigilant here (though still avoid easy to guess passwords like "password" or "123456"). Otherwise, if you're intent on selecting an overly complex password, you can print it on a business card or piece of paper before your guests arrive and then pass it around. Afterwards, destroy the card, change the guest password, or disable guest access.
On the Asus RT-AC68U, we also have the option of limiting the amount of time guests can be logged in, and whether or not we want to allow access to the Intranet, which is your local network. If your router gives you the option of restricting local access, take advantage of it. This ensures that your nieces and nephews can do things like check Facebook, but not tap into your NAS box.
Keep It on the Down Low
Some routers give you the option of hiding the SSID, which is the name of the network you configured. In our above example, the guest SSID is "Freeloaders" though on many Asus routers, there's no easy to way to stop it from broadcasting the SSID like there is with the main SSID(s).
If your particular router has an option to disable broadcasting your guest network, you can enable it to keep the SSID hidden. Keep in mind that determined hackers can still sniff it out, so this doesn't add a lot of security, though it will prevent casual snoops like a neighbor from knowing it's there and trying to leech off of your Wi-Fi.
Continue on for more tips and tricks.
Hey Mac, Where's the Filter?
Yet another option that adds a slim layer of protection is MAC (Media Access Control) filtering. Each Internet-connected device has a unique MAC address associated with its network adapter or network interface card (NIC), and by taking advantage of MAC filtering, you can limit which gadgets are allowed to connect to your network.
Here's the rub – it's not totally secure. As with hiding the SSID, a determined hacker can thwart your efforts, in this case by spoofing the MAC address of a device that you've allowed access. However, it's yet another method to prevent casual leeches from sucking your bandwidth.
It's also a bit of a pain to setup, especially when you're dealing with multiple devices. But if you're determined to go this route, you'll need to know the MAC address of the PC or mobile device requesting access.
In Windows XP, 7, and Vista, click Start, select Run, type CMD and hit enter (if you're rocking Windows 8, right-click the Start button and follow the same instructions). In the Command prompt that opens, type ipconfig /all and press enter. What you're looking for is a set of six two-character entries separated by dashes. You'll find this under the Ethernet adapter section next to Physical Address.
Alternately, you can open up the Control Panel, select Network and Internet, click Network and Sharing Center, and select Change adapter settings in the left-hand side. Right-click on the connection that you're trying to look up a MAC address for and select Properties. Finally, hover your mouse cursor over the "Connect using" text box and the MAC address will appear.
To find the MAC address on an Android device, tap Menu > Settings > About Phone > Status. Scroll down until you see WiFi MAC address. Or you can navigate to Menu > Settings > Wireless and network > WiFi Settings. TheMAC address will be listed under the Advanced section.
Finally, for iOS devices, tap Settings > General > About to see the MAC address.
Once you have the MAC addresses of the devices you want to allow, go into your router's settings, find the MAC filtering option, and input them one at a time. The process for this varies by router, so once again, you'll have to refer to your router's documentation if you can't find the option for MAC filtering on your own.
Create a QR Code for Easy Access
This final tip isn't necessarily a security feature, but is intended for the convenience of your guests (and it will increase your geek cred among family and friends). By creating a QR code for your wireless connection, you can avoid having to repeat your SSID password to Android users. It also makes it more feasible to create stronger passwords, though this won't be much benefit to iOS or Windows users.
In any event, there are multiple programs out there. Two that we recommend are InstaWifi and Wifi QR Code Generator. Both do essentially the same thing – fire up the app, input your guest network credentials, and then print out the QR code it generates. When your Android device-wielding friends arrive, they can simply scan the QR code you printed out and connect to your Wi-Fi.