Security
Wi-Fi / Security / Encryption
Under "Wi-Fi / Security" you can configure settings for security in the Wi-Fi network, for instance, select a WPA mode, or specify a new Wi-Fi network key.
WPA Encryption
WPA Mode
WPA (Wi-Fi Protected Access) is a standard for encryption and authentication in Wi-Fi networks. WPA3 mode offers the highest security, but many wireless devices do not support this mode yet.
| WPA Mode | Function |
|---|---|
| WPA2 (CCMP) | The FRITZ!Box uses WPA2 for all wireless devices. Connections to wireless devices with WPA3 are possible (WPA3 is backward compatible). Connections to older devices without WPA2 are not possible. |
| WPA2 + WPA3 | If a wireless device supports WPA3, the FRITZ!Box uses WPA3. For all other devices the FRITZ!Box uses WPA2. |
| WPA+WPA2 | Enable this mode if you still deploy older wireless devices without WPA2. If a wireless device does not support WPA2, the FRITZ!Box then uses WPA. For all other devices the FRITZ!Box uses WPA2. |
Instructions: Enabling WPA2 + WPA3
See Configuring the FRITZ!Box for Wi-Fi Connections with WPA3.
Instructions: Enabling WPA2 (CCMP) or WPA+WPA2
- Select the desired WPA mode.
- Click on "Apply".
Network Key
The network key must be between 8 and 63 characters in length. We recommend a length of at least 20 characters from the list of valid characters for passwords.
Additional Security Settings
AVM Stick & Surf
You can use "AVM Stick & Surf" in combination with a FRITZ!WLAN Stick. When you enable "AVM Stick & Surf" you can establish wireless connections to the FRITZ!Box without entering anything on the computer:
- Insert the FRITZ!WLAN Stick into the USB port on the FRITZ!Box.
The "Info" LED on the FRITZ!Box begins flashing.
- Wait until the LED stops flashing.
- Pull the FRITZ!WLAN Stick out of the FRITZ!Box and insert it into a USB port on the computer.
The network key of the FRITZ!Box is transferred to the computer and the Wi-Fi connection to the FRITZ!Box established automatically.
Support for Protected Logins by Wireless Devices (PMF)
PMF (Protected Management Frames) is a security feature for Wi-Fi connections, and is standardized in accordance with IEEE 802.11w-2009. PMF is not supported by some older wireless devices (Wi-Fi 4, 802.11n).
- Disable the setting if problems occur when registering older wireless devices.
Restrict Access to Wi-Fi (MAC Address Filter)
You can restrict Wi-Fi access to the FRITZ!Box to devices that are already known to the FRITZ!Box by enabling the MAC address filter. When the MAC address filter is enabled, new wireless devices must first be made known to the FRITZ!Box before they can register with the FRITZ!Box.
Important:The MAC address filter does not offer sufficient protection from unauthorized use of the Wi-Fi network. To protect the Wi-Fi network effectively, enable WPA encryption.
Prerequisites
When the MAC address filter is enabled, the following requirements apply for using wireless devices with Android or Windows:
- Android 10 or later: If the wireless device supports randomized MAC addresses, the "use randomized MAC" function must be switched off in Android for the Wi-Fi network of the FRITZ!Box.
In Android, see "Settings / Network & Internet / Wi-Fi".
- Windows 10 or later: The "Random hardware addresses" function must be switched off in Windows for the Wi-Fi network of the FRITZ!Box.
In Windows, see "Settings / Network and Internet / Wi-Fi" and "Settings / Network and Internet / Wi-Fi / Manage known networks"
Instructions: Enabling the MAC Address Filter in the FRITZ!Box.
- Select "Wi-Fi / Security" in the user interface.
- Under "Restrict Access to Wi-Fi", enable the option "Do not allow any new wireless devices".
- Click on "Apply".
Instructions: Making a New Wireless Device Known to the FRITZ!Box (When the MAC Address Filter Is Enabled)
- Select "Wi-Fi / Security" in the user interface.
- Click on "Add Wireless Device".
- Enter the MAC address of the wireless device.
- Click on "Apply".