Router security audit checklist

The most expert person in the world can only make a router as secure as the firmware (router OS) allows. The following list of security features lets you judge how secure a router can potentially get. This is not a list of things to do to make a router more secure, that's on the home page of this site. If you care about securing a router, look for it to have the features below. Sadly, reviews of routers never discuss any of this.

    WPS (Last update: March 2017)

One problem with having an account is that you never know what information is being reported back to the mother ship. Requiring an account also opens you up to security problems if the router vendor gets hacked or has a malicious employee. It may also mean that if the hardware vendor goes out of business the router is useless. In this August 2022 article, Your Router and Online Privacy Risks: Be Aware of that Hidden Potential Danger, Dong Ngo says ". if you use a router made by a company that forces you to log in via an account before you can manage your network, your privacy is generally at the mercy of that company. . it’s like you actively report your every move to a third party. And this is the scariest part: That happens completely without your direct knowledge. There’s no visual, warning, or ID checking, not a fist bump or a wink. It’s total unawareness."

Prior to the rise of mobile apps, this was never an issue. Now that so many routers are managed with a mobile app, the majority of routers require you to have an account. Three vendors that let you use their routers without having an account are Peplink, Asus and pcWRT.