Things we like
Better password policies
By far, the worst thing that router vendors do is ship their devices with default passwords that don’t need to be changed. Passwords are supposed to be secret, and if you’re using a device’s default password (which can easily be found with a simple internet search) the device is not secure at all.
We like that some vendors have moved away from this. Their devices' passwords are unique and based on things such as the serial number printed on the bottom of the device.
Even better, some vendors force their customers to change their passwords on first login to a non-trivial, non-obvious password. Bravo, this makes things safer for all of us.
CAPTCHA on login screens
CAPTCHAs are those little puzzles that web sites use to distinguish between humans and computers. Normally they consist of letters and numbers shown in a modified way that the user needs to type in when using a password. We’re starting to see some router vendors offer CAPTCHAs on their login screens. But why?
It’s all very simple. If a hacker is able to infect a computer with a virus, it’s very easy to get that infected computer to try to log in to the network’s router. This can happen over and over, dozens of times a second. A computer that’s powered on 24 hours a day could test out thousands if not millions of passwords given a week or a month. All of this could happen without anyone being the wiser. If successful, then every computer on the network will be at risk.
CAPTCHA will put an end to that by ensuring that automated processes can’t try to log in to your router. Another beneficial thing that can be done is to make the user wait several seconds before allowing a second attempt to log in if the first login fails.
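To show what the wait-after-failure idea does to an automated guesser, here is an added example (not code from any router vendor) of a per-client login delay, run against simulated time. The class and function names, the 5-second delay, the rate of 24 attempts per second (standing in for "dozens of times a second") and the client address are all assumptions made for the illustration.

```python
import time

class LoginThrottle:
    """Fixed wait after each failed login, tracked per client address."""

    def __init__(self, delay=5.0, clock=time.monotonic):
        self.delay = delay          # seconds to wait after a failure (assumed value)
        self.clock = clock          # injectable so the demo can use simulated time
        self._allowed_at = {}       # client -> earliest time of next attempt

    def retry_after(self, client):
        """Seconds the client must still wait; 0.0 means it may try now."""
        allowed_at = self._allowed_at.get(client)
        return 0.0 if allowed_at is None else max(0.0, allowed_at - self.clock())

    def attempt(self, client, password_ok):
        """Return 'ok', 'denied' or 'throttled' for one login attempt."""
        if self.retry_after(client) > 0:
            return "throttled"      # rejected before the password is even checked
        if password_ok:
            self._allowed_at.pop(client, None)
            return "ok"
        self._allowed_at[client] = self.clock() + self.delay
        return "denied"


def guesses_checked(delay, seconds=3600, per_second=24):
    """Count passwords actually tested for a client that guesses wrong nonstop."""
    now = [0.0]                     # simulated clock, advanced by the loop
    throttle = LoginThrottle(delay=delay, clock=lambda: now[0])
    checked = 0
    for i in range(seconds * per_second):
        now[0] = i / per_second
        # "192.168.0.50" is a constructed address for the infected computer
        if throttle.attempt("192.168.0.50", password_ok=False) == "denied":
            checked += 1
    return checked


if __name__ == "__main__":
    print("no delay :", guesses_checked(0.0), "guesses tested per hour")
    print("5 s delay:", guesses_checked(5.0), "guesses tested per hour")
```

In this simulation the delay cuts the number of passwords the router actually tests in an hour from 86,400 to 720, while a person who mistypes once only waits a few seconds.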
Automatic firmware updates are a little bit controversial, as some computer security people don’t believe that a router should be able to update its firmware automatically without human intervention. We disagree, and are happy to see that some vendors offer this service.
Things we don’t like
Local names for routers
Some vendors try to make life easier for their customers by allowing access to a local router with a name such as “mylocal.com” instead of the more prevalent local IP address such as 192.168.0.1. While this seems like a nice feature, it actually is a bit of a security risk.
The risk that it poses is that it allows an attacker to easily find a router on a local network without any other information. A good habit to get into is to move your router to a non-standard IP address (such as 192.168.0.99 – yeah, you can do that). By doing this, you can hide the router from hackers and gain a bit of safety.
But… if the router supports a local name, there’s nowhere to hide. That’s why we don’t like this “feature”.