Router Security Choosing an SSID Website by     
Michael Horowitz 
Home | Site Index | Router Bugs | Security Checklist | Tests | Resources | Stats | About | Search |
I spoke about Router Security at the O'Reilly Security Conference in New York City on Nov. 1, 2017. See a PDF of the slides

The SSID (Service Set IDentifier) is the name of a wireless network. If a router can create more than one network, then each can have its own name/SSID. Whether each should have its own name is a debatable issue, but not a security one.

You should change the default SSID(s), for a couple reasons, one technical one not.

Using a default or common SSID, can make it easier for bad guys to crack the WPA2 encryption. The network name is part of the encryption algorithm, and password cracking dictionaries (rainbow tables) include common SSIDs. Thus, a popular SSID makes the hacker’s job easier.

On a totally different level, you don't appear to be technically clueless. Anyone who has not changed the default network name is immediately pegged as a non-techie whose defenses are likely to be poor. There might as well be a "hack me" sign on the network.

I have seen others argue that changing an SSID that has the vendor name in it is good for security, as it hides the company that made your router. It does not. The identity of the hardware vendor is advertised for the world to see in the MAC address that the router broadcasts. Even if you change a default SSID of "Linksys" to "Netgear", anyone with a Wi-Fi survey app such as WiFi Analyzer on Android can tell that the router was made by Linksys.

Choosing a Network Name

The network name you choose should not give away any personal information. I have relatives whose SSID is "The Smith Family" perhaps the worst possible name (their last name is not really Smith). If everyone knows you are a New York Mets fan, don't use "metsfan" as your SSID. If you live in apartment 3G, name your network "Apartment5E". Don't make it easy for someone to target you.

In a tech support document, Recommended settings for Wi-Fi routers and access points Apple says to "Choose a name that's unique to your network and isn't shared by other nearby networks or other networks you are likely to encounter. If your router came with a default SSID it's especially important that you change it to a different, unique name ... If your SSID isn't unique, Wi-Fi devices [may] .. connect to other networks sharing the same SSID."

Apple is right in that you should chose a network name not used anywhere your portable Wi-Fi devices will go. But, to do so, you need a truly unique SSID, one not used by anyone else in the world. I don't think that's a good idea, as it makes it too easy for bad guys and spies to find you. I suggest a happy medium. And, yes many WiFi devices opt for ease-of-use over security, and thus connect to scam networks with the same SSID as one you have seen before. The defense against this is keep WiFi off when not in use.

As a starting point for choosing a name, think of race horse names and combine two or three words.

Use common sense in choosing a network name. In May 2016, some jerk on a Qantas flight out of Melbourne Australia named their network "Mobile Detonation Device." The pilot wouldn't take off until the network was identified. Some passengers were scared and left the plane, which eventually took off three hours late.

Assuming no one in the location of the router is named Harvey, then you may want to call your network HarveyNet. If the router is dual band, that is, it offers WiFi on both the 2.4GHz and 5GHz bands, then you may want to call the 2.4GHz network HarveyNet2 or HarveyNet24 or HarveyNet2.4.
  Likewise, the 5GHz network could be something like HarveyNet5 or HarveyNet5ghz
  If you create a Guest network, it could be HarveyNetGuest or HarveyNet-Guest.
  If you create a Guest network on each frequency band, they could be HarveyNet-Guest24 and HarveyNet-Guest5

Syntax Rules for Network Names

The maximum length of a WiFi network name is 32 bytes/characters.

SSIDs are case sensitive, thus "abc" is treated as a different name than "aBc".

Special characters (spaces, periods, dashes, underscores etc) are allowed. Its probably best to avoid the pipe character (vertical line). And, any use of a special character may be asking for trouble.

Don't Bother Hiding

Your router probably has an option to hide the SSID, usually a checkbox for whether or not to "broadcast" the name (it may also be called "network cloaking"). Hiding the SSID has been called a security feature, but it really is not. The protection offered by not broadcasting the SSID is trivially easy to bypass. In my opinion, and the opinion of many experts, it's not worth the operational hassle. Let the name be broadcast. This can serve as a good litmus test though. Any article that suggests hiding the SSID for security reasons is not worth reading.

Nerd Humor in Network Names

The maximum length of an SSID is, technically, 32 bytes, rather than 32 characters. The difference can be seen with Unicode characters that consist of more than one byte (a byte is 8 bits). With some fudging, you can create a network name that consists of emojis. See this Ars Technica article for more: Scare your neighbors with a spooky Halloween network name. This is pushing the envelope though as some devices prevent non-latin characters in the SSID.

More funny SSIDs are here Stay off my LAN! Our top WiFi names from August 2015. This includes "Mum, click here for Internet" and "Lord of the Pings". Also, some neighbors take out their anger with "You're music is annoying" and "QUIT STEALING MY PAPER". The article was such a hit, that part two followed in October 2015: Our top WiFi names, part 2. The new list includes my personal favorite "searching....".

See Using A Wi-Fi Network's Name To Broadcast A Political Message from Feb. 2017. Quoting: "President Trump's supporters and opponents have expanded their battlefield even to the choice of their own Wi-Fi names - identifying their networks according to what they think of the president. Examples range from the F-word followed by Trump's name to the acronym 'MAGA Wi-Fi,' which stands for Make America Great Again Wi-Fi."

From Oct. 2016 on Reddit: What is the best Wi-Fi name you have ever seen? This has some goodies: 'TellMyWiFiLoveHer', 'C:/virus.exe', 'The PromisedLAN', 'ThisLANIsYourLAN', 'No internet connection available', 'DropItLikeItsHotSpot', 'AbrahamLinksys' and, at a YMCA, this: 'The Y-Fi'. It also has a new contender for my favorite: 'ThisIsNotTheWifiConnectionYoureLookingFor'. No, Obi-Wan, I suppose it isn't.

Everyone Is Trying to Outdo Each Other With Cute Wi-Fi Names New York Times September 13, 2017. Quoting: "Network names have gone from being boring digit chains to another opportunity for personalization, like vanity plates or monogrammed towels." The article describes people who choose names that say something about themselves, their business or their home. Not a good idea.

This page was last updated: October 25, 2017 4PM CT     
Created: July 11, 2015
Viewed 54,557 times since July 11, 2015
(59/day over 922 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Copyright 2015 - 2018