For many of us, after you get your
WiFi and router initially set up, you don't think about it again,
unless of course it starts acting up. But there are a lot more settings for
your router than you’re probably aware of, and some of them you might want to change,
for either security or performance reasons. So in this video I’m going to go over how to
actually find these settings, 5 in particular, and explain why you might want to change them
depending on your circumstances. And don’t worry about any technical terms, I’ll explain everything
in a way hopefully everyone can understand. Speaking of security and privacy, which
by now you should know I care a lot about, let me tell you about today's sponsor, Mine. Mine
lets you find out which companies have your data, and let's you control where you do or don't want
to keep it. You start out by going to SayMine.com, and just sign in with your email account you want
to analzye, and give it a minute to do it's thing. Mine will only analyze only the
subject line and sender of the email, plus with some other metadata to figure
out which companies you've interacted with, but as their privacy policy states, they
don't collect the content of your email for the analysis. Then when it's done, it
shows you the results. For myself there are over 250 companies that have data on
me... hmm not sure how I feel about THAT. On the 'my footprint' page I can see a
selection of these companies, but I can gather up the courage to look through the entire
list, which I can assure you is eye-opening. By clicking on a company, it shows me for
example that EA stores info like my financial and identiy data, as well as online behavior,
in addition to having a somewhat elevated exposure risk. And here's another company
that I barely remember signing up for but never ended up using, and I don't really want
them having my data. So I can just click reclaim, and it will compose an email that will be
sent directly from my inbox to the company. And this is important because
companies generally only honor requests coming directly from the person. Then,
after you allow it to send the email, you can track and review your requests and
cancel it within an hour if you change your mind. And since privacy is important for business too,
Mine has created a solution for companies to help manage their own privacy operations, including
automation of handling requests from consumers. So if you want to start reclaiming your own data,
be sure to visit SayMine.com now and sign up. And I'll also put that link in the description.
And with that all being said, let's continue. Alright so first off is how to actually get to
your router’s settings, but if you already know how to do that you can just skip ahead with the
chapters. Now this will vary slightly depending on your brand of router, but is mostly the same.
So just open up your usual web browser and go to the URL bar. Here you’ll need to enter
the default network address of your router, which is in the form of an IP address. The most
common ones are going to be either 192.168.1.1 or 192.168.0.1, but there are a few other less common
ones I'll just put on the screen here. If none of these work, try Googling the specific model number
of your router plus “admin login page” or “config ip address”, something like that, to find it. In
some cases, it might be printed on the bottom or back or the router, and it may even be like
this Netgear one that says “routerlogin.net” which redirects to the IP address at
192.168.1.1, so both work in this example. After you get to the login page, unless it had
you change the password when you first set it up, you’ll have to get the default login for your
router. It might also say it right on the router itself like it does with this one, where it’s
just ‘admin’ as the username and ‘password’ for the password. And actually, no matter what
router you have, I would just try that first because it’s the most common: Admin+Password.
If it doesn’t tell you on the router itself, and the admin/password combination doesn’t
work, again just Google the model number and “default admin password” to find it. Or
you can try instead of the model number the router brand because each manufacturer usually
uses the same login on all their models anyway. So once you're able to log in, we’re ready to
talk about the main topic, the actual settings. And starting off with number 1, let’s just
get this one out of the way, but you gotta change that default password. Not the WiFi
password, but the one to access that admin page. Imagine for example if a virus were to infect one
of your computers, and your router has the default password, then it could theoretically
go in there, change a couple settings, and then redirect your entire network’s traffic
wherever it wants and do who-knows-what with it. The settings pages are all going to
look different across brands and models, but in most consumer routers there’s
usually a section somewhere called “Administration” or something similar, so just
look for that. And in this case, it’s under an Advanced tab, then under Administration it says
“set-password”. And of course for all of these, you can just consult the official
support page for your particular model. Onto number 2, this one will take a bit of
explanation so bear with me, I do consider it important. And that is a feature called Universal
Plug and Play, which is usually abbreviated as “UPnP”. It's enabled by default on most routers
these days, but many people in the security industry consider it too much of a security
risk to leave enabled. The feature does serve a legitimate purpose, and the technical explanation
is that it allows any program from within your network to open ports on your router’s firewall
and forward them to your computer. Now in regular terms, imagine your internet connection being a
highway with a whole bunch of lanes [over 60,000 actually], which are the ports. And the firewall
is like a toll booth or checkpoint that allows or blocks all ‘packets’ of data, which you can think
of like cars, based on rules. For the most part, all traffic is allowed to be sent out unless
there’s some specific block rule for it, but it only lets data in if it’s basically a response to
something that went out first. That’s a simplified explanation but it’s the general idea. And for
99% of programs, this is all that’s needed. In some cases though, someone might use a program
that needs to receive unsolicited connections, such as actually hosting a game server,
doing peer-to-peer file sharing, stuff like that. In that case, for the program to work
properly, it needs to have one of the ports open, so for example some random player on the internet
can request to connect to your server. For this one option is to go in to the router and manually
forward the ports to your computer, so the lane goes directly to your computer and the program
can then listen to that lane (port). Or the other option is Universal Plug and Play, which lets
any program just open whatever ports it needs. That’s fine and dandy until some clever virus or
exploit comes along and then is allowed to just open every port on your router to your computer.
Now your computer should have it’s own firewall, but presumably the virus or exploit would also
be trying to mess with that at the same time. And by the way this isn’t just speculation,
there have been several UPnP exploits in the past. So my recommendation is find
this setting in your router, disable it, and see if it causes any problems. I can almost
guarantee that you will not notice a difference, but if you do randomly have unexplained
connection issues with certain programs, you can always try re-enabling it. If you find it
is needed for something you use, you can either just keep UPnP enabled, or if you’re willing to
put in a bit of effort, you could look up the ports used by that program and forward them
yourself manually. It’s really up to you. Ok next up number is 3, which is your default DNS
server. And no, it's not as boring as it sounds, I actually think you’ll find this one
cool, and it’s useful for more than you might assume initially. DNS stands for Domain
Name System, but you don’t need to know that. How this works is when you enter a domain
name for a website, like “YouTube.com”, your computer needs to get the IP address to
connect to it. And the DNS server is the thing your computer asks to translate a domain name to
an IP address for it. It doesn’t router all your traffic through the DNS server, your computer
just asks it for the website’s IP address, then once it has it, you connect directly to
the website you want using that IP address. By default your router and computer will just
use the DNS servers automatically provided by your internet service provider.
However, if you want to get fancy, there are other free DNS providers
out there you can choose to use, that may be significantly faster than your ISP’s,
or have additional features such as malicious domain blocking. For example, even Google
provides a public DNS server anyone can use. These DNS settings might be under something
like Network Settings, Internet Settings, or maybe Advanced settings, but again it’s going
to vary, so you’ll just have to find it yourself, but it will be in there. Regardless though,
you’ll almost always be given two settings, the Primary and Secondary DNS servers, both
of which the DNS provider will tell you. One example like I mentioned is Google’s DNS
which is known to be pretty fast, and the IPs for those primary and secondary are 8.8.8.8 and
8.8.4.4. Another one I like is Cloudflare’s DNS, the default of which is 1.1.1.1 and 1.0.0.1,
but they also have other options like a malware domain blocking one, and even one for blocking
malware and adult content for those with kids. The malware blocking isn’t a guarantee obviously,
and again only blocks malicious domains, it’s not like it can scan your traffic and see what
you’re downloading, but it’s a nice extra layer. As a side note, you can also change the
DNS setting for your individual devices, instead of the whole network on your router. Alright onto number 4, we have the Wi-Fi
channel width, what does that mean. Basically, a certain range of frequencies
is allocated to be used by Wi-Fi, and this range is split up into smaller
ranges called channels. The default size of these channels is either 20 Mhz or 40
MHz, depending on whether you’re using the 2.4 GHz or 5 GHz “band”, which is what is
meant when a router says it’s “dual band”. Anyway, almost all routers will let you
do what is called “channel bonding”, which just lets your router broadcast on not just
one channel, but multiple next to each other, literally allowing more bandwidth and
faster speeds. On some high-end routers, you can even combine up to eight 5GHz channels.
However, that doesn’t mean everyone should just go and choose the biggest bandwidth they can. If you
live in an area with a lot of other Wi-Fi networks like an apartment building, it’s probably better
off to just keep the default 20 MHz, or 40 MHz for 5GHz. Because the wider the channels you’re using,
the more you’ll be getting interference from other people’s routers on those channels. Whereas if
you keep the default, you’re a lot more likely to have a whole channel to yourself, and maybe
end up getting better range and speed that way. However, if there is not a ton of WiFi
interference around you, like you live in a house with a decent amount of space between
neighbors, you can probably get away with 80 MHz wide channels. And this is for the 5GHz band by
the way, the 2.4 GHz band literally only has three 20 MHz wide channels, so you probably won’t
want to go higher than 40 MHz wide there. As for the 160 MHz wide option, I’d only bother
with this if you are somewhat far from neighbors, and even still this one is a bit trickier
because it will spill into what are called “DFS” channels. That’s a whole other topic, but
you probably want to just avoid the complication. The super quick explanation is because
of certain laws in the USA at least, your router is required to give priority to any
radar signals it detects, like weather radar, which shares some of those WiFi channels, and
will literally stop broadcasting for a while if it does, from my understanding. So if you
live far from your neighbors, you can may be give 160 a shot and see how it goes, it might
not be a problem but just be aware of that. A final quick note here, is apparently
in some routers like this one, it doesn’t actually have you select
the bandwidth, but the maximum speed. I’m not even really sure how this
particular one works, but I suspect it’s just doing things automatically here, so it
might be better to just keep it at whatever it’s set by default. It might just be automatically
choosing how much of a wide channel to use. Ok finally we come to number 5, though I do have
a bonus one at the end. This one is fortunately way easier to discuss, and it is “Wi-Fi Protected
Setup” or WPS. This is a feature built into a ton of WiFi routers that is supposed to make
it easier to connect devices to your WiFi by just pressing a button, instead of having to
type in a password. But everything I’ve read about it says it's just horribly insecure. And you can
tell me, but I don’t think this is a feature many people use at all anyway. I’ve never used it
and can’t recall anyone I know mentioning it, and a lot of devices don’t even support it.
So if this WPS is something you don’t use, then definitely just disable it, and if you
do use it, I mean you can decide for yourself, but I’d rather just spend the extra few seconds to
type in the WiFi password, which you usually only do once anyway. The WPS setting will be somewhere
under WiFi or Wireless settings, maybe even under Advanced Wireless settings, something like that.
And you can verify your router has the feature by just looking for a physical button labelled ‘WPS’
somewhere on it. The actual setting name might be different too, in this router it has WPS Settings
then has a setting for “Enable Router’s PIN” which is how you disable it, since it connects
with a pin number. But it could literally just say “Enable WPS” or something like that, you’ll
just have to look for where it talks about WPS. Alright now this next setting is an extra
‘bonus’ one because it should be disabled by default already, but you really want to
make sure that is the case. It’s a setting called “Remote Administration” and you should
absolutely disable this if it’s not already. Basically it makes it so no one outside your own
local network can try and log into your router, or in other words NOT just anyone from the
internet, which is a no brainer. And this setting is probably somewhere under something
like “Administration” or whatever. And if you are someone who for some reason does need
this feature, you know who you are anyway. So at this point you probably know a little
bit more about your router, and can feel better about the security too, and you might
even get some better performance from it. Thanks again to Mine for sponsoring the
video, and be sure to visit SayMine.com to start reclaiming your data too.
The link is also in the description. If you want to keep watching,
the next video I’d recommend is a video where I talked about encrypted
DNS, aka DNS over HTTPS, which you can watch here. If you want to subscribe also be sure
to click the bell to enable notifications, I only post videos about twice a week so you
don’t want them getting lost in the rest of your subscriptions. So thanks so much for
watching, and I’ll see you in the next one.
