By far, the most important configuration chore for
any new router is to change the default logon password (and username, if
your router requires one). Note that I’m talking about the
administrative password, which is the password you use to log on to the
router’s setup pages. This password has nothing to do with the password
you use to log on to your Internet service provider (ISP) or to your
wireless network.
Changing
the default administrative password is particularly crucial if your
router also includes a wireless AP because a nearby malicious hacker can
see your router. This means that the intruder can easily access the
setup pages just by navigating to one of the common router
addresses—usually http://192.168.1.1 or http://192.168.0.1—and then entering the default password, which for most routers is well known or easy to guess.
Access your router’s setup pages, as described in the previous section, locate the administrative password section (see Figure 1), and then modify the administrative password with a strong password.