It can be a little scary when you see the “weak security” label next to your WiFi network. Is your network compromised? Do you need to run a virus scan?
Don’t panic, a weak security WiFi message is a very common issue on iPhones and it doesn’t mean anything has been compromised! The good news is the solution to weak WiFi security is easy.
WiFi says weak security when the router is using old security protocols, like WEP or WPA. Open your router’s settings in your web browser and change the wireless security version to WPA2 or WPA3 and set AES as the encryption method (do not select “Automatic” encryption). The weak security alert will disappear.
Why does WiFi say weak security?
The reason your WiFi says weak security is because your phone or laptop detects that the WiFi network is using an older, “weaker” security protocol that is not fully secure.
Two examples of less secure WiFi networks are WEP (Wireless Equivalent Privacy) and WPA (WiFi Protected Access).
These options are less secure because the password to protect them requires fewer characters, and the encryption method they use is easier to hack.
IOS added the feature to detect improperly configured routers in the iOS 14 update. On some phones, such as iPhones, when you connect to an older router that is either using WEP or WPA as the security version, the iPhone will say it is not secure. The solution is to change the protocol to WPA2 or WPA3.
Should you be worried?
Not necessarily. The weak WiFi security message only means the network you’re on is not using the latest, fully secure protocols or passwords.
It doesn’t mean the network has been hacked or breached. In fact, you can continue using weak security WiFi (the internet will work fine), although it’s not recommended.
More likely than not you won’t have any issues using a weak security network (i.e. WEP or WPA), but you shouldn’t take the risk.
Update WiFi security protocol to WPA2 or WPA3
The first step to fixing your weak WiFi security is to access your router’s settings through a web browser and update the security protocol.
Access your router settings
There are many different ways to do this.
The easiest option would be to open your phone’s WiFi network list, tap on the information icon next to your network, and take note of the router IP address.
On some Android phones, there will be a button that says “Manage Router” and it will open the webpage with your router’s IP address.
You should then type the same IP address into a computer or laptop to make it easier – configuring router settings on a mobile device can be a headache.
Once you have the router login page up, you need to sign in with your router’s username and password. If you did not set a password on your router, it will likely use one of the default usernames and passwords.
In most cases, the default username and password for the router will be printed on the physical router, or you can research the model online for the default passwords.
Update security protocol to WPA2 or WPA3
Note that every router has a different settings panel, so features might be in different locations. Once you login to the router, locate the Wireless Settings menu which should show all of the current Wireless settings such as name (SSID), security, encryption, etc.
You want to change the security type to WPA2 or WPA3. In some cases there will be WPA2/3-Personal or Business, I recommend Personal. Finally, set the encryption mode to AES.
You don’t have to change the password because it will be encrypted, but you can if you want to. If you do change the password, make sure it’s fully secure with letters, numbers, and symbols.
Now save the settings, and your router should automatically restart. It usually takes about 60 seconds for it to completely reboot.
It’s also worth mentioning, if you have two networks (2.4 GHz and 5 GHz) you will need to change the security protocol for both!
So take note of any additional SSIDS (networks) that are broadcasting from the router and ensure sure they’re all using WPA2 or WPA3 as the security protocol.
Reconnect to WiFi network
Since you just changed the wireless security settings, the devices connected to the router will need to be reconnected.
Some phones will reconnect to the network automatically, but it will continue to say not secure. In that case, manually “Forget Network” and reconnect again.
Open the WiFi options on your phone and select your WiFi network, then enter the password. Once your phone is done connecting to the network, it should no longer say weak security!
Router does not support WPA2 or WPA3
Very old routers (pre 2004) might not support WPA2 or WPA3 as a wireless security option. If you don’t see see these as an option in your router’s security menu, you can either check for a firmware update or buy a new router.
I strongly recommend buying a new router because it will provide a lot more security features and it will greatly improve the speed of your connections.
Understanding WiFi security protocols
Let’s cover the basics.
|Encryption method||RC4 (Rivest Cipher 4)||TKIP (Temporal Key Integrity Protocol) with RC4||CCMP and AES (Advance Encryption Standard)||AES (Advanced Encryption Standard)|
|PSK (Pre-shared Key) & 802.1x with EAP variant||PSK (Pre-shared Key) & 802.1x with EAP variant||SAE (Simultaneous Authentication of Equals) & 802.1x with EAP variant|
|Session Key Size||40-bit||128-bit||128-bit||128-bit (Personal)|
|Security Level||Highly vulnerable||Somewhat vulnerable||Suitable for most home networks||Extremely secure (auto-encrypts)|
WEP (Wired Equivalent Protocol)
WEP (Wired Equivalent Protocol) was the original wireless security protocol, approved way back in 1999. This protocol was initially expected to provide the same level of security as wired connections.
But as time went by, and cryptographic technology advanced, it was clear that WEP was highly vulnerable and needed to be replaced.
WPA (WiFi Protected Access)
In 2003, as a temporary enhancement to WEP, WPA was adopted. The WPA protocol implements the Temporal Key Integrity Protocol (TKIP).
WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change.
TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.
Back then, WPA was a big security improvement, but it’s still considered vulnerable by today’s standards.
A year later, in 2004, WPA 2 was released. WPA 2 also uses a 128-bit key, but with a new encryption method called AES (Advanced Encryption System).
Most modern routers will use WPA2. When WPA2 is enabled, it’s recommended to disable WEP and WPA, as they can create backdoor vulnerabilities.
In 2018, WPA3 came out as the replacement for WPA2. WPA3 takes security up a notch with SAE (Simultaneous Authentication of Equals), and several other features.
WPA3 is the most secure, but it’s also the newest security protocol, and not all routers or wireless network cards are compatible yet. In most cases, WPA2 provides more than enough protection.
Additional ways to secure your router & network
There are several additional steps you should take beyond updating your router’s security protocol, to further protect your network.
We some of these above, but to reiterate…
Set a complicated WiFi network password
Short, one-word passwords are the easiest to guess, so it’s recommended to use a combination of letters, numbers, symbols, and special characters in your router’s password.
It doesn’t have to be overly complicated, but your network password should at least follow password best practices. And do not reuse a password you’re already using somewhere else!
Change your router password and username
In many cases, your router’s login password and username is defaulted to “admin” and “password”, which anyone can guess.
If someone gains access to your router’s login page, they can do a lot of damage without you even realizing it. The good news is you can easily update this password by logging into your router’s settings (as described above).
Use a modern router
Advancements in technology are usually exponential. In order to keep up, and to ensure your network remains secure, you really need to be using modern equipment.
If your router is more than 4 to 5 years old, I would strongly recommend getting a new one. Not only will the new router be more secure, but the performance boost will be noticeable.
Luckily, fixing WiFi weak security is very easy. You just need to change your router’s security protocol from WEP or WPA, to WPA2 or WPA3 (depending on which option is available to you).
You can still use the internet even when you see the weak security alert, although it’s not recommended.
Hopefully you found this guide helpful!