Skip to content
WhySoGeek.
Cybersecurity

Secure Your Smart Home: 2026 IoT Checklist

Cameras, plugs, and doorbells are the softest targets on your network. Here is a practical 2026 checklist to lock down every smart home device.

Sam Carter 8 min read
Cover image for Secure Your Smart Home: 2026 IoT Checklist
Photo: anniezambrano / flickr (BY-SA 2.0)

Your smart doorbell has the same job as a front door lock and roughly the security of a wet paper bag. Cheap IoT gadgets are the easiest way onto a home network, and once one is compromised, everything else on the same Wi-Fi is exposed. Here is how to fix that in an afternoon.

Quick answer

To secure smart home devices, change every default password, put all IoT gadgets on a separate guest or IoT network away from your phones and PCs, enable WPA3 on your router, turn on automatic firmware updates, and disable any remote-access or cloud features you do not actually use. Then inventory what you own and retire anything the manufacturer no longer patches.

Key takeaways

  • Network isolation is the single biggest win: keep IoT devices off the network your computers use.
  • Default passwords are the number one way in; change them on every device.
  • Unpatched, end-of-life devices are permanent holes; replace them.
  • Disable features you do not use, especially remote access and cloud streaming.
  • A 10-minute inventory exposes forgotten plugs and sensors that never got updated.

Start by separating your devices

The most valuable step is also the one people skip. A smart bulb should never sit on the same network as your laptop and phone, because if the bulb is hijacked, the attacker can then probe everything beside it.

Most routers from the last few years support one of these options:

  • Guest network: the fastest fix. Put every camera, plug, TV, and speaker on the guest SSID, and keep your phones and computers on the main one. Guest networks isolate clients from the rest of your LAN by default.
  • A dedicated IoT SSID or VLAN: if your router supports VLANs, create one just for IoT. This is stronger than a guest network because you control exactly what can talk to what.

This isolation blocks "lateral movement," the technique where an attacker hops from a weak device to a valuable one. The same principle underpins our home router security checklist.

A home Wi-Fi router with status lights, representing the network that connects smart home devices
Photo: osde8info / flickr (BY-SA 2.0)

Lock down each device

Once devices are isolated, harden them individually. Not every gadget offers every setting, so do what each one supports:

SettingWhy it mattersHow often
Change the default passwordDefault logins are published online and scanned constantlyOnce, at setup
Enable two-factor on the app accountProtects the cloud account that controls the deviceOnce
Turn on automatic firmware updatesCloses known holes without you rememberingSet once
Disable UPnP on the routerUPnP silently opens ports IoT devices ask forOnce
Disable remote access if unusedRemoves an internet-facing entry pointPer device

Two of these deserve emphasis. UPnP lets devices punch holes in your firewall automatically, which is convenient and dangerous; turn it off unless a specific device breaks without it. Remote access and cloud streaming are on by default in many cameras even when you only ever view them at home, so disable what you do not use.

Update firmware and pick better hardware

Firmware is where security fixes live. A device you never update is running whatever bugs shipped on day one.

  • Turn on automatic updates in every device's companion app. Where that is not offered, set a monthly reminder to check manually.
  • Apply critical patches within a few days, not months. IoT exploits get weaponized fast, as our piece on end-of-life routers and the Mirai botnet shows.
  • Before buying, check whether the manufacturer has a clear update policy and a history of patching disclosed vulnerabilities. A cheap no-name camera that never receives updates is more expensive than a supported one.

Retire anything past its support window. A device that no longer gets firmware is a fixed, permanent hole in your network, and no configuration change closes it.

Do a quick device inventory

You cannot secure what you have forgotten you own. Most homes have plugs, sensors, and old speakers still connected and never touched.

  • Open your router's admin page and list every connected device.
  • A free tool like Fing scans the network and names devices for you.
  • For each one, ask: do I still use this, is it updated, and does it need internet access at all?
  • Decommission dormant devices by unplugging them and removing them from your account.

What to do tonight

Run this in order and you will close the biggest gaps in under an hour:

  • Log into your router and move every smart device onto a guest or IoT network.
  • Confirm your Wi-Fi uses WPA3 (or WPA2/WPA3 transitional for older gear).
  • Change the default password on each device and add 2FA to the controlling app account.
  • Turn off UPnP and disable remote access on anything you only use at home.
  • Enable automatic firmware updates everywhere they are offered.
  • Scan the network, list every device, and unplug the ones you no longer use.

Frequently asked questions

Do I really need a separate network for smart devices?

Yes, and it is the highest-value step. If a compromised camera is on the same network as your laptop, the attacker can reach the laptop. A guest network or IoT VLAN isolates cheap devices so a breach of one does not spread.

What is the risk of leaving default passwords?

Automated bots continuously scan the internet for devices using factory-default logins, which are published in public lists. Default credentials are how botnets like Mirai enslave hundreds of thousands of cameras and routers. Changing them removes you from that easy pool.

Should smart devices have internet access at all?

Many do not need it. Some cameras and hubs work fully on your local network. If a device offers a local-only mode, use it, and block internet access for any device that only needs to work inside the house.

How do I know if a device is end-of-life?

Check the manufacturer's support page for the model. If the last firmware update is more than a year or two old, or the product is marked discontinued with no security patches, treat it as end-of-life and replace it.

#iot#smart-home#network-security

Sources & further reading

Keep reading