Router Security Choosing an SSID Website by     
Michael Horowitz 
Home | Site Index | Bugs | News | Security Checklist | Tests | Resources | Stats | About | Search |
New page on learning what your current DNS servers are: Test Your DNS Servers
 

The SSID (Service Set IDentifier) is the name of a wireless network. If a router can create more than one network, then each can have its own name/SSID. Whether each should have its own name is a debatable issue, but not a security one.

You should change the default SSID(s), for a couple reasons, one technical one not.

Using a default or common SSID, can make it easier for bad guys to crack the WPA2 encryption. The network name is part of the encryption algorithm, and password cracking dictionaries (rainbow tables) include common SSIDs. Thus, a popular SSID makes the hacker’s job easier.

On a totally different level, you don't appear to be technically clueless. Anyone who has not changed the default network name is immediately pegged as a non-techie whose defenses are likely to be poor. There might as well be a "hack me" sign on the network.

I have seen others argue that changing an SSID that has the vendor name in it is good for security, as it hides the company that made your router. It does not. The identity of the hardware vendor is advertised for the world to see in the MAC address that the router broadcasts. Even if you change a default SSID of "Linksys" to "Netgear", anyone with a Wi-Fi survey app such as WiFi Analyzer on Android can tell that the router was made by Linksys.

Choosing a Network Name

The network name you choose should not give away any personal information. I have relatives whose SSID is "The Smith Family" perhaps the worst possible name (their last name is not really Smith). If everyone knows you are a New York Mets fan, don't use "metsfan" as your SSID. If you live in apartment 3G, name your network "Apartment5E". Don't make it easy for someone to target you.

In a tech support document, Recommended settings for Wi-Fi routers and access points Apple says to "Choose a name that's unique to your network and isn't shared by other nearby networks or other networks you are likely to encounter. If your router came with a default SSID it's especially important that you change it to a different, unique name ... If your SSID isn't unique, Wi-Fi devices [may] .. connect to other networks sharing the same SSID."

Apple is right in that you should chose a network name not used anywhere your portable Wi-Fi devices will go. But, to do so, you need a truly unique SSID, one not used by anyone else in the world. I don't think that's a good idea, as it makes it too easy for bad guys and spies to find you. For example, if the SSID is truly unique you are at risk when one of your wireless devices broadcasts the SSID while its looking to connect. Someone could look up your home SSID at wigle.net and find out where you live.

I suggest a happy medium. And, yes many WiFi devices opt for ease-of-use over security, and thus connect to scam networks with the same SSID as one you have seen before. The defense against this is keep WiFi off when not in use.

As a starting point for choosing a name, think of race horse names and combine two or three words.

Use common sense in choosing a network name. In May 2016, some jerk on a Qantas flight out of Melbourne Australia named their network "Mobile Detonation Device." The pilot wouldn't take off until the network was identified. Some passengers were scared and left the plane, which eventually took off three hours late.

Assuming no one in the location of the router is named Harvey, then you may want to call your network HarveyNet. If the router is dual band, that is, it offers WiFi on both the 2.4GHz and 5GHz bands, then you may want to call the 2.4GHz network HarveyNet2 or HarveyNet24 or HarveyNet2.4.
  Likewise, the 5GHz network could be something like HarveyNet5 or HarveyNet5ghz
  If you create a Guest network, it could be HarveyNetGuest or HarveyNet-Guest.
  If you create a Guest network on each frequency band, they could be HarveyNet-Guest24 and HarveyNet-Guest5

Syntax Rules for Network Names

The maximum length of a WiFi network name is 32 bytes/characters.

SSIDs are case sensitive, thus "abc" is treated as a different name than "aBc".

Special characters (spaces, periods, dashes, underscores etc) are allowed. Its probably best to avoid the pipe character (vertical line). And, any use of a special character may be asking for trouble.

Don't Bother Hiding

Your router probably has an option to hide the SSID, usually a checkbox for whether or not to "broadcast" the name (it may also be called "network cloaking"). When enabled, it requires you type in the name of the network when connecting, rather than picking the network from a list of those detected nearby. Hiding the SSID has been called a security feature on the theory that bad guys can't hack into a network they can't see. But, the protection offered by not broadcasting the SSID is trivially easy to bypass. In my opinion, and the opinion of many experts, hiding the network name is not worth the operational hassle. Let the name be broadcast.

The best use of SSID hiding is as a litmus test. Any article that suggests doing so for security reasons is not worth reading. Much like MAC address filtering. For example, Consumer Reports magazine suggested hiding your SSID in a November 2016 article 66 Ways to Protect Your Privacy Right Now (item 48).

April 15, 2018: A reader raised an interesting question - what about a Wi-Fi network that is devoted to IoT devices? Since no people will be connecting to the network, there is no reason to broadcast the SSID. On the one hand, perhaps not broadcasting the SSID in this case would make the network a bit more secure. On the other hand, it might attract the attention of bad guys in the neighborhood who might think it was worth attacking the network specifically because the owner went to the trouble of hiding it.

Nerd Humor in Network Names

The maximum length of an SSID is, technically, 32 bytes, rather than 32 characters. The difference can be seen with Unicode characters that consist of more than one byte (a byte is 8 bits). With some fudging, you can create a network name that consists of emojis. See this October 2014 Ars Technica article for more: Scare your neighbors with a spooky Halloween network name. This is pushing the envelope though as some devices prevent non-latin characters in the SSID.

More funny SSIDs are here Stay off my LAN! Our top WiFi names from August 2015. This includes "Mum, click here for Internet" and "Lord of the Pings". Also, some neighbors take out their anger with "You're music is annoying" and "QUIT STEALING MY PAPER". The article was such a hit, that part two followed in October 2015: Our top WiFi names, part 2. The new list includes my personal favorite "searching....".

From NPR's All Tech Considered in Feb. 2017, we have Using A Wi-Fi Network's Name To Broadcast A Political Message. Quoting: "President Trump's supporters and opponents have expanded their battlefield even to the choice of their own Wi-Fi names - identifying their networks according to what they think of the president. Examples range from the F-word followed by Trump's name to the acronym 'MAGA Wi-Fi,' which stands for Make America Great Again Wi-Fi."

From Oct. 2016 on Reddit: What is the best Wi-Fi name you have ever seen? This has some goodies: 'TellMyWiFiLoveHer', 'C:/virus.exe', 'The PromisedLAN', 'ThisLANIsYourLAN', 'No internet connection available', 'DropItLikeItsHotSpot', 'AbrahamLinksys' and, at a YMCA, this: 'The Y-Fi'. It also has a new contender for my favorite: 'ThisIsNotTheWifiConnectionYoureLookingFor'. No, Obi-Wan, I suppose it isn't.

Everyone Is Trying to Outdo Each Other With Cute Wi-Fi Names New York Times September 13, 2017. Quoting: "Network names have gone from being boring digit chains to another opportunity for personalization, like vanity plates or monogrammed towels." The article describes people who choose names that say something about themselves, their business or their home. Not a good idea.

An April 2018 tweet by Heidi N Moore called out "This LAN is My LAN" and "This LAN is Your LAN" (seen before from Reddit, above) which prompted responses with other humorous SSIDs: "The Dark SSID of the Force", "Wu-Tang LAN", "LAN before time", and "Getyourownwifi".

Some from a May 2018 article at qz.com are: Lan Solo, LAN Before Time, Bill Wi the Science Fi, Winona Router, Chance the Router, Silence of the LANS, and, perhaps the best of the lot, seen in Australia - the LAN down under.


Top 
This page was last updated: September 13, 2018 1AM CT     
Created: July 11, 2015
Viewed 77,650 times since July 12, 2015
(62/day over 1,256 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Changelog
Copyright 2015 - 2018