Router Security SSID Website by     
Michael Horowitz 
Home | Site Index | Router Bugs | Security Checklist | Tests | Resources | Stats | About | Search |
I will be speaking about Router Security at the O'Reilly Security Conference in New York City at the midtown Hilton Hotel (Sixth Ave and 53rd Street). The conference runs from Oct. 30 to Nov. 1, 2017. I am slated for Nov 1st at 3:50pm in the Sutton South room on the second floor.


Choosing an SSID

The SSID (Service Set Identifier) is the name of a wireless network. If a router can create more than one network, then each can have its own name/SSID. Whether each should have its own name is a debatable issue, but not a security one.

You should change the default SSID(s).

I have seen others argue that changing an SSID that has the vendor name in it is good for security, as it hides the company that made your router. In truth, it does not. The identity of the hardware vendor is advertised for the world to see in the MAC address that the router broadcasts. Even if you change a default SSID of "Linksys" to "Netgear", anyone with a WiFi survey app such as WiFi Analyzer on Android can tell that the router was made by Linksys.

The real reason to change the default SSID is so that you don't appear to be technically clueless. Anyone who has not changed the default network name is immediately pegged as a non-techie whose defenses are likely to be poor. There might as well be a "hack me" sign on the network.

The network name you choose should not give away any personal information. I have relatives whose SSID is "The Smith Family" perhaps the worst possible name (their last name is not really Smith). If everyone knows you are New York Mets fan, don't use "metsfan" as your SSID. If you live in apartment 3G, name your network "Apartment5E". Don't make it easy for someone to target you.

The network name is involved in encryption, so a very simple name, such as a word in the dictionary, enables the use of rainbow tables to break the encryption. As a starting point for choosing a name, think of race horse names and combine two or three words.

The maximum length of a WiFi network name is 32 bytes/characters. Special characters (spaces, periods, dashes, underscores etc) are allowed. Its probably best to avoid the pipe character (vertical line). And, any use of a special character may be asking for trouble.

SSIDs are case sensitive, thus "abc" is treated as a different name than "aBc".

Your router probably has an option to hide the SSID, usually a checkbox for whether or not to "broadcast" the name (it may also be called "network cloaking"). Hiding the SSID has been called a security feature, but it really is not. The protection offered by not broadcasting the SSID is trivially easy to bypass. In my opinion, and the opinion of many experts, it's not worth the operational hassle. Let the name be broadcast. This can serve as a good litmus test though. Any article that suggests hiding the SSID is not worth reading.

Assuming no one in the location of the router is named Harvey, then you may want to call your network HarveyNet. If the router is dual band, that is, it offers WiFi on both the 2.4GHz and 5GHz bands, then you may want to call the 2.4GHz network HarveyNet2 or HarveyNet24 or HarveyNet2.4.
  Likewise, the 5GHz network could be something like HarveyNet5 or HarveyNet5ghz
  If you create a Guest network, it could be HarveyNetGuest or HarveyNet-Guest.
  If you create a Guest network on each frequency band, they could be HarveyNet-Guest24 and HarveyNet-Guest5
  Just a suggestion.

In a tech support document, Recommended settings for Wi-Fi routers and access points Apple says to " Choose a name that's unique to your network and isn't shared by other nearby networks or other networks you are likely to encounter. If your router came with a default SSID (network name), it's especially important that you change it to a different, unique name ... If your SSID isn't unique, Wi-Fi devices [may] .. connect to other networks sharing the same SSID."

Apple is right in that you should chose a network name not used anywhere you're portable Wi-Fi devices will go. But, to do so, you need a truly unique SSID, one not used by anyone else in the world. I don't think that's a good idea, as it makes it too easy for bad guys and spies to find you. I suggest a happy medium. And, yes many WiFi devices opt for ease-of-use over security, and thus connect to scam networks with the same SSID as one you have seen before. The defense against this is keep WiFi off when not in use. Highly recommended.

Outside of security, there is also common sense. In May 2016, some jerk on a Qantas flight out of Melbourne Australia named their network "Mobile Detonation Device." The pilot wouldn't take off until the network was identified. Some passengers were scared and left the plane, which eventually took off three hours late.

Nerd Humor in Network Names

The maximum length of an SSID is actually 32 bytes, rather than 32 characters. The difference can be seen with Unicode characters that consist of more than one byte (a byte is 8 bits). With some fudging, you can create a network name that consists of emojis. See this Ars Technica article for more: Scare your neighbors with a spooky Halloween network name. This is pushing the envelope though as some devices prevent non-latin characters in the SSID.

More funny SSIDs are here Stay off my LAN! Our top WiFi names from August 2015. This includes "Mum, click here for Internet" and "Lord of the Pings". Also, some neighbors take out their anger with "You're music is annoying" and "QUIT STEALING MY PAPER". The article was such a hit, that part two followed in October 2015: Our top WiFi names, part 2. The new list includes my personal favorite "searching....".

See Using A Wi-Fi Network's Name To Broadcast A Political Message from Feb. 2017. Quoting: "President Trump's supporters and opponents have expanded their battlefield even to the choice of their own Wi-Fi names - identifying their networks according to what they think of the president. Examples range from the F-word followed by Trump's name to the acronym 'MAGA Wi-Fi,' which stands for Make America Great Again Wi-Fi."

From Oct. 2016 on Reddit: What is the best Wi-Fi name you have ever seen? This has some goodies: 'TellMyWiFiLoveHer', 'C:/virus.exe', 'The PromisedLAN', 'ThisLANIsYourLAN', 'No internet connection available', 'DropItLikeItsHotSpot', 'AbrahamLinksys' and, at a YMCA, this: 'The Y-Fi'. It also has a new contender for my favorite: 'ThisIsNotTheWifiConnectionYoureLookingFor'. No, Obi-Wan, I suppose it isn't.

Everyone Is Trying to Outdo Each Other With Cute Wi-Fi Names New York Times September 13, 2017. Quoting: "Network names have gone from being boring digit chains to another opportunity for personalization, like vanity plates or monogrammed towels." The article describes people who choose names that say something about themselves, their business or their home. Not a good idea.

This page was last updated: September 14, 2017 12PM CT     
Created: July 11, 2015
Viewed 47,167 times since July 11, 2015
(56/day over 835 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Copyright 2015 - 2017