Router Login Not Secure (Does It Matter?)

Written by Oliver in Online Security and Privacy

This is a common problem when trying to log into our router settings, and we can sometimes get a scary “connection not secure” warning from our browser. Is this anything to worry about, and can we still safety access our router configuration page on an insecure connection?

As a general rule, having a router login displaying as insecure is not a cause for concern, as the connection is over the local network and not the wider internet. Using unsecured HTTP connections is problematic over the broader internet, but far less so for local network connections.

Therefore, despite the scary warnings, it’s usually nothing to worry about. It’s when we are accessing sites on the broader internet that using insecure HTTP connections becomes more problematic, especially when entering sensitive details. But on local networks, it is usually no problem.

Let’s look at this problem in more detail, examining the difference between HTTP and HTTPS connections, and why router logins are not as vulnerable as other types of connections, plus some common sense home network security precautions we can still take to make connections more secure.

Why Does This Warning Come Up?

This warning comes up because the connection between your device and the router settings is being facilitated by the older and less secure HTTP (Hypertext Transfer Protocol) protocol rather than the newer, more secure HTTPS (Hypertext Transfer Protocol Secure) connection, which is symbolized by a green or closed padlock. HTTP connections are not as secure as HTTPS ones and are easier to intercept and hack.

Sometimes there won’t be an alert or warning that comes up as such. It’ll just be that the connection displays as the padlock with a red line through it right next to the URL address bar, indicating that the connection is not secure.

This is what happens when I log into my router’s settings:

Other times, you may actually get a warning from your browser that the connection you are about to create typing in your router’s login IP is not secure. It can look a bit scary and say “do you wish proceed” etc etc:

Sometimes with router logins, it can be that the connection is “secure”, but it’s through something called an Self Signed SSL certificate, meaning it hasn’t be certified by a trusted 3rd party, and therefore your browser is still treating it as an unsecured connection. This is because this is all being done offline on your local network – see next section.

Does It Matter If Your Router Login Is Not Secure?

The warnings can look really scary and discourage us from proceeding, but really it’s no big deal.

Accessing your router settings on an insecure connection is not a cause for concern because everything is happening on your local network, not the broader internet. The reason this warning still comes up is that browsers and search engines have in the last few years really started to favor and prefer that all connections are those green padlock HTTPS “secure” connections, like this:

HTTPS Green Padlock Browser

 

This means that the connection is using the more secure HTTPS protocol, rather than the older and less secure HTTP protocol, which is what you’ll be using if your router login in unsecured. And in fairness, all websites on the wider internet which require entering any kind of personal details or sensitive data (purchases, logins etc) should ALWAYS use the green padlock HTTPS protocol.

Do not login or enter personal details on any site which doesn’t have this on the broader internet.

However, logging into your router doesn’t even require accessing the wider internet; it’s done entirely locally on your home network. The device you use to access settings does need to be connected to the router, either by cable or Wi-Fi, but it doesn’t need to be fully online to access the router settings. Everything to do with router settings can be done offline.

Therefore, security is not such a big issue here, and having HTTPS is not so crucial. It would be nice though if all routers just defaulted to the green padlock HTTPS, even for their settings pages, just to put user’s minds at ease. But for now, some router logins are still unsecured HTTP connections.

If you are really security conscious, then you could connect to the router via an ethernet cable connection instead of using Wi-Fi, therefore preventing any possible interception of router login data you might enter over an insecure Wi-Fi connection.

Ethernet Cable

However, in today’s world, the idea of router login data being intercepted over a Wi-Fi connection within a local network (not the broader internet) is pretty far fetched. It would have to either be someone already in your household, or someone nearby if you live in an apartment block, who already has access to the network and who knows how to intercept data over HTTP connections. Realistically, it’s very rare this would ever happen nowadays.

What To Do If You Suspect Your Network/Router Has Been Hacked

Despite everything we’ve said, it can sometimes happen that either your Wi-Fi network is hacked, or even your router settings, with a nearby hacker actually taking control of your router settings because they have found or guessed the login credentials. In very rare cases this might have happened because they intercepted the credentials you typed in over an unsecured router login connection, but it’s very unlikely this could ever happen.

However, if you suspect your router login and security is compromised, and login or password credentials changed, the best thing to do is to factory reset the router to revert all login details back to the ones shown on the sticker on the back, and clear any custom changes the hacker might have done.

Here’s how you do this:

The router’s often got a simple reset button somewhere prominent, and also a reset/factory reset hole somewhere else. This is pretty clear. The reset button quickly resets the router (you shouldn’t lose any usernames/passwords/data). The reset hole is what you push a pin into for the full reset (will wipe history and settings).

Push a safety pin into it and hold for 10-20 seconds, until the lights on the front blink or go out, to initiate the full reset.

It often looks something like this:

However your router is set up, once you do a full factory reset, it should wipe all settings and firmware (including faults) and return the router to it’s original state when it was brand new and first plugged in.

This is great for clearing wiping any custom passwords and kicking off hackers, but also be aware that you will also lose all other custom settings on the router:

  • All custom Wi-Fi SSIDs/usernames and passwords to access the network will be lost and reset to the defaults indicated on the sticker on the back of the router. So any users who need to reconnect will need to find the router again on the network list and re-enter the default password to use the Wi-Fi.
  • Be sure to quickly change the Wi-Fi username and password to something custom to stop any hackers regaining access.
  • If you have also set custom values for the router login admin/password (to change settings), these will also be reset back to the default values indicated on the sticker on the back.
  • If any gamers have set a static IP for their console on the router, this will be deleted and they’ll have to do it again.
  • Any other custom settings that were configured on the router (eg. QoS, DNS settings, DMZ) will be lost and need to be reconfigured.
  • Factory resets can sometimes also take longer than quick resets, with a disruption of connection for sometimes several minutes.
  • See our article on resetting your router for more on this, plus how to get settings back to how they were if you need to.

More Best Practices For Securing Your Home Wi-Fi Network

Just because using unsecured HTTP connections to access your router settings locally usually isn’t a problem, it doesn’t mean that there aren’t some common sense things all internet users can do to make their home networks, and their internet browsing in general, more secure.

Here are some key suggestions to improve Wi-Fi security in particular:

  • Always use long, complex and unique Wi-Fi router login credentials (router admin/password).
  • Also use long, complex Wi-Fi usernames and passwords. Do not just stick to the default ones.
  • Hide your Wi-Fi name (SSID) so it isn’t so easily detectable.
  • Turn off WPS (auto pairing) settings on your router as they’re easy to hack.
  • Use wired connections when possible, since Wi-Fi is much easier to hack.
  • See our article on making Wi-Fi networks more secure, for more on these steps, plus other things you can do in this regard.
  • See also our article on checking who’s currently connected to your router, plus how to kick unwanted devices off your Wi-Fi network.
  • Use a Virtual Private Network on VPN (the biggest security tool) to secure Wi-Fi connections. Almost impossible to hack in the civilian world. The NSA can still hack them, but pretty much no one else can.
  • VPNs are useful on home Wi-Fi networks, but are absolutely essential whenever you use public Wi-Fi, to prevent personal data and logins being hacked. See our article on this.
  • Make sure you’ve got up to date antivirus and anti-malware software installed to remove and keyloggers and other pesky viruses/malware. McAfee are an excellent option but there are many others as well.

What is a VPN?

https://youtu.be/_wQTRMBAvzg

 

Oliver

Online gamer and general home networking enthusiast. I like to create articles to help people solve common home networking problems.

Recent Posts