Are you worried that someone is connecting to your WiFi router without your permission? Well, if you are securing your WiFi with WPA2-AES (CCMP) encryption and a fairly strong password, you should be confident that no one is able to connect to your WiFi without knowing your password. Not even with the most recent KRACK attack. KRACK enables a hack to snoop on you, but doesn’t allow them to decrypt your WiFi password or to connect to your WiFi without a password.
Unless a trivial password is used, the only feasible way to crack a WPA2-AES (CCMP) password is to use rainbow tables. And since WPA2 salts the encryption with the SSID, hackers have to build a rainbow table for the specific SSID they want to crack. That is why nowadays WiFi router vendors ship out routers with a somewhat randomized SSID. If your router comes with a generic SSID like “linksys”, you should change it to something less generic (i.e., somewhat unique to avoid readily available rainbow tables).
Having a reasonably long password goes a long way to protect your WiFi connection. As shown by this excellent blog entry, the difficulty of cracking a password grows exponentially with the length of the password.
It is generally believed that a password with 14 or more characters makes the rainbow table attack infeasible. You might be thinking about turning off SSID broadcasting or adding MAC address filtering to make your WiFi more secure. As said before, these techniques are not very effective. With the additional hassle, you might want to consider adding a couple of more characters to your WiFi password instead, which would be much more effective.
In summary, this is all you need to do to prevent someone from connecting to your WiFi without knowing your password:
However, that doesn’t mean someone cannot connect to your WiFi without your permission. Your friends, who had your permission to use your WiFi, might disclose your WiFi password to other people. Maybe they were doing that inadvertently with an WiFi sharing app like WiFi-Map. A good practice is to create a guest network for friends who are in the house temporarily. Then change the guest WiFi password or shutdown the guest network afterwards.
You may also want to monitor the list of connected devices periodically. Most of the routers provide this functionality in the router management console. The pcWRT router makes it even easier, where you can name each device connected to the router. Named devices will be displayed in blue, while unnamed (unrecognized) devices will be displayed in gray. You can easily tell which devices are unrecognized by glancing at the color in the connected devices list.