The experts cited in the article have a few recommendations, which I will repeat and elaborate on.
1. Install third-party firmware on whatever router you have. Whether it’s DD-WRT, Tomato, or something else, these alternative builds are proving to be more secure than what many routers come with from the factory.
2. Use WPA2 encryption with a long password, and only WPA2, and disable WPS. There is no such thing as simple, friendly wifi security. I have WPS disabled, and my wifi password is 54 characters long. Perhaps 32 characters is reasonable, but let’s face it, you generally only enter the password once per device. It’s a lot less hassle than getting your bank to reverse fraudulent charges.
3. Use a less-common address block. This is an interesting one, but come to think of it, a surprising number of people, even IT professionals, don’t realize that the 10.x.x.x block of IP addresses is private, and so is 172.16.x.x-172.31.x.x. Seeing something other than 192.168.1.x may confuse an unsophisticated attacker.
4. Change the default password, and the username, if possible. This should be obvious, but not everyone remembers to do this, and the default passwords for everything are available online, in multiple places.
And here’s a hot tip, as a bonus. Not everyone is comfortable flashing new firmware on routers, so you can make a little extra money by purchasing DD-WRT or Tomato-compatible routers, especially when they’re on sale, and reselling them online for a small markup. It’s not quite like manufacturing things at home, but it’s close. When listing them for sale, make sure you mention they’ve been upgraded. I’ve upgraded dozens of routers, so I can assure you it’s not a big deal to do, but it scares some people. If you want to be really nice, go ahead and configure them securely, and document all of the settings on a sheet of paper that you include in the box, so the purchaser just has to plug the device in and go. You’ll make a little money and make the world a little more secure.