
Connecting to a wireless network

In this tutorial, we assume that you have already configured a wireless access point (often included as a feature in cable modems and DSL adapters supplied by your broadband provider) and confirmed that it is working correctly.

Whenever your computer's wireless network adapter is installed and turned on, Windows scans for available wireless access points. If it finds at least one (and you're not already connected to a wireless network), it alerts you via the wireless network icon, which looks a bit like an antenna. If you see a bright dot at the end of an otherwise gray antenna, that means connections are available.

Unless you're out in the country, far from civilization, you're likely to see lots of access points available for connection, most of them owned by your neighbors or nearby visitors. Assuming those networks are adequately secured with a password you don't know and can't guess, you'd have no luck connecting to them anyway.

Clicking or tapping the entry for a secured access point reveals a box in which you are expected to enter a passphrase. If what you enter matches what's stored in the access point's configuration, you're in. Getting in is easy on a network you control, where you set the password. For a secured access point controlled by someone else (a doctor's waiting room, a coffee shop, a friend's office), you'll need to ask the network owner for the passphrase or key.

Before you reach that security prompt, you're asked whether you want to connect automatically to that network in the future. If this is a place you expect to visit again (or in the case of a coffee shop, again and again and again . . . ), say yes to save the credentials. Note that saved Wi-Fi passwords are synced between devices when you sign in with a Microsoft account, so you might find that a brand-new device, one you've never used before, automatically connects to your home or office Wi-Fi without having to ask you.

To disconnect from a Wi-Fi access point, click or tap its entry in the network flyout and then tap Disconnect. Doing so automatically turns off the option to connect automatically to that network in the future.

Windows 10 saves credentials for every Wi-Fi access point you connect to, giving you the option to connect with a tap when you revisit. If that thought makes you uncomfortable, you can see and manage the full list of networks by opening Network Settings and clicking Manage Wi-Fi Settings on the Wi-Fi page. That list can be startling, especially if you're a frequent traveler. Tap any name in the list, and you'll see either one or two buttons.

Tapping the Forget button deletes any saved security information and removes the network name from the list. The Share button is available only if you've turned on the option to share network settings with your contacts, a feature that's part of Wi-Fi Sense.

Decoding Wi-Fi standards

The most popular wireless networks use one of several variants of the IEEE (Institute of Electrical and Electronics Engineers) 802.11 standard, also known as Wi-Fi. On modern Wi-Fi networks, you are likely to encounter one of the following three standards (going from oldest to newest):

  • 802.11g:
    This standard was current up until 2009, just before the release of Windows 7. It's still in wide use on older PCs and wireless access points. It can transfer data at a maximum rate of 54 megabits per second using radio frequencies in the 2.4 GHz range. (Some manufacturers of wireless networking equipment have pushed the standard with proprietary variations that approximately double the speed.) 802.11g-based networks have largely supplanted those based on an earlier standard, 802.11b, which offers a maximum speed of 11 megabits per second.
  • 802.11n:
    Using this standard, adopted in 2009, you can expect to see dramatic improvements in speed (600 megabits per second) as well as significantly greater range. Unlike the earlier standards, the 802.11n standard allows use of the 5 GHz frequency range as well as 2.4 GHz. However, not all 802.11n hardware supports both bands.
  • 802.11ac:
    This standard, finalized in 2014, builds on the 802.11n specification and allows multiple links at both ends of the wireless connection, advertising throughput rates of 500 megabits per second per link, with a theoretical maximum speed of up to 2,600 megabits per second.

Although the newer Wi-Fi standards are backward compatible with hardware that uses the older, slower standards, be aware that all traffic on your network runs at the speed of the slowest wireless standard in use; if you've just bought an 802.11ac router, you will see the faster speed only if you replace your old network adapters.

For the maximum throughput, use 5 GHz 802.11ac devices throughout your network. The 5 GHz band is subject to less radio interference than 2.4 GHz and is capable of a higher maximum theoretical data rate. If you must maintain compatibility with older 2.4 GHz devices, the ideal solution is to use a dual-band wireless access point.

Connecting to a hidden network

Every wireless network has a name, formally known as a service set identifier but typically referred to as an SSID. Some wireless networks are set up so that they don't broadcast their SSID. Connecting to such a hidden network is a bit more challenging because its name doesn't appear in the list of available networks on the network flyout or in Network & Internet Settings. Making such a connection is possible, however, as long as you know the network name and its security settings.

Note:
Configuring a router so that it doesn't advertise its name has been incorrectly promoted by some as a security measure. Although it does make the network less accessible to casual snoops, lack of a broadcast SSID is no deterrent to a knowledgeable attacker. Furthermore, attackers can learn the SSID even when they're not near your wireless access point because it's periodically broadcast from your computer, wherever it happens to be. We provide these steps to help you connect to a hidden network managed by someone else; we don't recommend that you configure your home or office network in this fashion.

If one or more nearby networks aren't broadcasting their SSID, you'll see Hidden Network in the list of available networks. Click or tap that entry, and then you'll need to enter the correct SSID before you're allowed to proceed to the real security test: your passphrase or security key.

After you jump through that one extra hoop, the process is no different from connecting to a network that broadcasts its name.

To set up your computer so that it connects to a particular nonbroadcasting wireless network whenever you're in range, follow these steps:

  1. Open Network And Sharing Center, and click Set Up A New Connection Or Network.
  2. In the Set Up A Connection Or Network Wizard, select Manually Connect To A Wireless Network and click Next.
  3. Specify the network name (SSID), the type of security used by the network, the encryption type if the network uses WPA or WPA2 security, and the security key or passphrase. Select Connect Even If The Network Is Not Broadcasting. (What is the privacy risk mentioned in the dialog box? When this option is turned on, your computer sends out probe requests to locate the wireless network; an attacker can detect these probe requests and use them to determine the network's SSID. Your computer continues to send these requests even when you're away from your network's access point.) Click Next.
  4. Click Next, and then click Close.

Wireless Security

On a conventional wired network, especially in a private home or office, physical security is reasonably easy to maintain: if someone plugs a computer into a network jack or a switch, you can trace the physical wire back to the intruder's computer. On wireless networks, however, anyone who comes into range of your wireless access point can tap into your network and intercept signals from it.

If you run a small business, you might want to allow Internet access to your customers by using an open Internet connection. Some Internet service providers create secure guest accounts on their customers' cable modems that allow other customers of that service to connect using their network credentials.

Other than those scenarios, however, you probably want to secure your network so that the only people who can connect to it are those you specifically authorize. Doing that means configuring security settings on your wireless access point or router. When you connect to a network, known or unknown, the level of security is determined by the encryption standard chosen by the network owner and supported by network hardware on both sides of the connection.

Depending on the age of your hardware, you should have a choice of one or more of the following options, listed in order of preference:

  • Wi-Fi Protected Access 2 (WPA2):
    Based on the 802.11i standard, WPA2 provides the strongest protection for consumer-grade wireless networks. It uses 802.1x-based authentication and Advanced Encryption Standard (AES) encryption; combined, these technologies ensure that only authorized users can access the network and that any intercepted data cannot be deciphered. WPA2 comes in two flavors: WPA2-Personal and WPA2-Enterprise. WPA2-Personal uses a passphrase to create its encryption keys and is currently the best available security for wireless networks in homes and small offices. WPA2-Enterprise requires a server to verify network users. All wireless products sold since early 2006 must support WPA2 to bear the Wi-Fi CERTIFIED label.
  • Wi-Fi Protected Access (WPA):
    WPA is an earlier version of the encryption scheme that has since been replaced by WPA2. It was specifically designed to overcome weaknesses of WEP. On a small network that uses WPA, clients and access points use a shared network password (called a preshared key, or PSK) that consists of a 256-bit number or a passphrase that is from 8 to 63 bytes long. (A longer passphrase produces a stronger key.) With a sufficiently strong key based on a truly random sequence, the likelihood of a successful outside attack is slim. Most modern network hardware supports WPA only for backward compatibility.
  • Wired Equivalent Privacy (WEP):
    WEP is a first-generation scheme that dates back before the turn of the century. It suffers from serious security flaws that make it inappropriate for use on any network that contains sensitive data. Most modern Wi-Fi equipment supports WEP for backward compatibility with older hardware, but we strongly advise against using it unless no other options are available.

If your data is sensitive and your network is in an apartment building or an office complex where you can reasonably expect other people to wander into range with wireless adapters, you should take extra security precautions in addition to enabling WPA. Consider any or all of the following measures to protect your wireless access point from intruders:

  • Change the network name (SSID) of your access point to one that doesn't match the hardware defaults and doesn't give away any information about you or your business.
  • Disable remote administration of the access point; if you need to change settings, you can do so directly, using a wired connection.
  • Whether you decide to allow remote administration of the access point or not, set a strong password so that a visitor can't tamper with your network settings.
  • Check the firmware and drivers for wireless hardware (access points and adapters) at regular intervals and install the most recent versions, which might incorporate security fixes.
  • Consider using a virtual private network (VPN) for wireless connections. A VPN sends all wireless traffic over an encrypted connection, making it impossible for others to snoop on your wireless traffic. Corporate network administrators can help set up a VPN using your company's security infrastructure. For unmanaged Windows 10 devices, VPN software and services are available.

When setting up a wireless access point for a home or small office, choose a strong passphrase. A passphrase for WPA or WPA2 can be up to 63 characters long and can contain letters (case-sensitive), numbers, and spaces (no spaces at the beginning or end, however). Many devices generate a random alphanumeric key, but you might prefer to use a memorable phrase instead of random characters. If you do, choose a phrase that's not easily guessed, make it long, and consider incorporating letter substitution or misspellings to thwart attackers. Because it can be saved and synced between devices, you shouldn't need to enter it often.

You must use the same encryption option on all wireless devices on your network (access points, routers, network adapters, print servers, cameras, and so on), so choose the best option that is supported by all your devices. If you have an older device that supports only WEP (and it can't be upgraded with a firmware update), consider retiring or replacing that device.
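
The saved-network list, the Connect Even If The Network Is Not Broadcasting option, and the ranking of WPA2, WPA, and WEP described above can be checked together from the command line. The following PowerShell is an added example, not part of the original tutorial; it assumes profiles exported with netsh wlan export profile, the function names are hypothetical, and the embedded profile is constructed sample data.

```powershell
# Added example: audit saved Wi-Fi profiles from their exported XML.
# Export first into an existing folder (keys stay encrypted unless key=clear is given):
#   netsh wlan export profile folder="$env:TEMP\wlan"

function Get-NodeText {
    param([xml]$Doc, [string]$LocalName)
    # Match on local-name() so the profile's default XML namespace does not matter.
    $node = $Doc.SelectSingleNode("//*[local-name()='$LocalName']")
    if ($null -ne $node) { $node.InnerText.Trim() } else { '' }
}

function Test-WlanProfile {
    param([Parameter(Mandatory)][xml]$ProfileXml)
    $auth   = Get-NodeText $ProfileXml 'authentication'
    $enc    = Get-NodeText $ProfileXml 'encryption'
    $auto   = (Get-NodeText $ProfileXml 'connectionMode') -eq 'auto'
    $hidden = (Get-NodeText $ProfileXml 'nonBroadcast') -eq 'true'
    $findings = @()
    if ($enc -eq 'none') { $findings += 'open network: traffic is not encrypted' }
    if ($enc -eq 'WEP')  { $findings += 'WEP: retire or replace the access point' }
    if (($auth -in @('WPA', 'WPAPSK')) -or ($enc -eq 'TKIP')) {
        $findings += 'first-generation WPA/TKIP: prefer WPA2 with AES'
    }
    if ($hidden) { $findings += 'hidden SSID: this PC probes for the name wherever it is' }
    if ($auto -and ($enc -in @('none', 'WEP'))) {
        $findings += 'auto-connects to a weakly protected network'
    }
    [pscustomobject]@{
        Profile        = Get-NodeText $ProfileXml 'name'
        Authentication = $auth
        Encryption     = $enc
        AutoConnect    = $auto
        Findings       = $findings -join '; '
    }
}

# Constructed sample profile (not taken from a real machine).
$sample = [xml]@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CoffeeShop-Guest</name>
  <SSIDConfig><SSID><name>CoffeeShop-Guest</name></SSID><nonBroadcast>true</nonBroadcast></SSIDConfig>
  <connectionMode>auto</connectionMode>
  <MSM><security><authEncryption>
    <authentication>open</authentication><encryption>WEP</encryption>
  </authEncryption></security></MSM>
</WLANProfile>
'@

Test-WlanProfile $sample | Format-List
# Exported profiles: Get-ChildItem "$env:TEMP\wlan\*.xml" |
#   ForEach-Object { Test-WlanProfile ([xml](Get-Content $_.FullName -Raw)) }
```

A profile that turns up findings can be removed with netsh wlan delete profile name="<profile name>", the command-line counterpart of the Forget button.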

Troubleshooting: You can't connect to other computers

If you're connecting to a network in your home or office (as opposed to a public hotspot, such as at an Internet cafe), be sure that the network is defined as a private network (either home or work). By default, Windows errs on the side of security, setting the location of all new networks as Public, and thus not open to connections from other devices on the same network. That's safe, but it also means you won't be able to see other local computers you trust. To see whether this is the problem, open the Network And Sharing Center. If Public Network appears beneath the name of your network, there's an easy fix.

Open File Explorer and click or tap Network in the list on the left. That should display a yellow banner at the top of the list noting that network discovery and file sharing are turned off. Click that banner, and then click Turn On Network Discovery And File Sharing in the resulting menu.

That click toggles the network location from Public to Private and should allow you to see the rest of the network (and vice versa). Do this only if you are certain that the other devices connected to this network can be trusted.