A question we get asked often here at TechJunkie is about Wi-Fi security and in particular, whether broadcasting your Wi-Fi SSID is a security risk. Should you broadcast your Wi-Fi SSID or keep it hidden? Let’s take a look.
What is an SSID?
The SSID, or Service Set Identifier is the name your device sees when it scans the airways for a network. If left default, which you should never do, it will usually have the name of your network carrier or router manufacturer. If you have changed it, that name will be broadcast to any device in range.
The idea of an SSID is to let you know which networks are available and at what strength they are at. This lets you know what network to connect to, either the one with the strongest signal or the one that allows public access. If you’re at home, you will obviously connect to that one. Outside, signal strength is everything when dealing with public networks.
Your Wi-Fi router will broadcast the SSID periodically along with the channel being used and the security type. The SSID isn’t strictly necessary for wireless devices to be able to connect to the network but is transmitted anyway.
Should your broadcast your Wi-Fi SSID or keep it hidden?
In theory, you would think it more secure to not broadcast your SSID as it would require a hacker to find it out themselves. I mean, why help the hacker when you don’t need to right?
In practice, hiding the SSID makes no difference whatsoever to the security of your network. In fact, it can create more problems than it solves. Here’s why.
Your Wi-Fi router publicizes the SSID in the beacon. However, the SSID and network information is also contained within the data packets so the router knows where to send them when transmitted. So stopping the SSID transmission does not stop transmission of your network data as the router needs it to deliver traffic between devices.
Any hacker with a simple network sniffing tool can find out your SSID in seconds even if you are not broadcasting it. Free tools such as Aircrack, Netstumbler, Kismet and numerous others will quickly find out the SSID, channel, security protocol and other information.
By hiding your SSID, you are making networking more difficult for yourself while not adding any more security to your network.
Why should you not hide your SSID
There are downsides to not broadcasting your SSID, especially if you use a legacy computer. Windows 10 is pretty good at Wi-Fi networking and can hold a connection to a network regardless of whether you broadcast the SSID or not. Older versions of Windows, computers that use USB Wi-Fi adapters, some older phones and tablets do have trouble finding and holding networks without an SSID.
Rather than connecting to known or the strongest connection, older computers and some mobile devices would opt for a lower strength signal with an SSID broadcasted. Even though an SSID isn’t necessary to create a connection, something within their respective operating systems seemed to prefer this.
I know first hand that Windows XP and Windows 7 had this problem as did early versions of Android. I have also had issues with a USB wireless dongle dropping a connection on a Windows 10 computer as soon as I stopped broadcasting the SSID.
While it shouldn’t be necessary to have an SSID for a stable connection, it obviously is on some level at least.
How to increase Wi-Fi security
If disabling your SSID has no impact on the security of your network, what does? How can you keep hackers and the unwanted out of your Wi-Fi network?
There are three things you need to do to secure your wireless network:
- Use WPA 2 encryption
- Use a strong network key
- Change the username and password on your Wi-Fi router
Ideally, you should instigate these three the moment you unbox your router. Most third party routers will enforce a password change the moment you first log in. Some network provider routers do not. Either way, change the username from ‘admin’ and the password right away.
Again, many routers will default to WPA 2 security while others will not. Navigate to your router’s webpage and you will likely find the setting under Wireless. The Personal or Enterprise setting doesn’t really mean much unless you have a business class router, I tend to use WPA2/Personal.
Finally, when you change your SSID to something personal but not identifiable, change the access key or password to something strong too. The more complicated you can make it the better as long as you can remember it!