Google Nest Wifi security features

Google Nest Wifi router has several built-in security measures to protect you and your online world.


Google Nest Wifi’s firewall creates a barrier between your Wi-Fi network and the Internet, protecting your data from unsolicited connections or connection attempts. It’s a stateful firewall, meaning it keeps track of connections (TCP streams, UDP communication) traveling across it. Only data associated with a known, active connection is allowed through the firewall.

Note: Settings like UPnP and port forwarding allow devices to bypass the firewall and have an open connection, leaving them potentially vulnerable.

WPA2 & WPA3 security

Google Nest Wifi secures your Wi-Fi network with either WPA2 protocol or the newer WPA3 protocol. Using WPA3 protocol makes your Wi-Fi network highly resistant to security risks like offline dictionary attacks. 

By default, Google Nest Wifi uses the WPA2 protocol to maximize compatibility with legacy  connected devices (such as phones, tablets, or laptops). However, you can turn on WPA3 transition mode in the Google Home app. This setting allows both WPA2 and WPA3 devices to join your Wi-Fi network. Note: some legacy WPA2 devices may be incompatible with WPA3 and experience connection issues when WPA3 transition mode is on.  Note that OnHub devices do not support WPA3.

Google Nest Wifi doesn't support legacy protocols like WPA and WEP because they have been deemed unsecure by the Wi-Fi Alliance and industry experts. There are also known and documented attacks against WEP and WPA. WPS, a mechanism that lets a device join a wireless network without entering a password, is also not supported for security reasons.

To turn on WPA3 transition mode:

  1. Open the Google Home app Google Home app.
  2. Tap Wifi
  3. At the top right, tap Settings Settings gear.
  4. Turn on WPA3.

Note: When you toggle WPA3 on or off, your network will restart and devices will lose connectivity 

Automatic updates

Google Nest Wifi receives automatic software updates to make sure you always have the latest security features and protection from recently discovered security threats. These updates may include open source components and go through several rigorous reviews.

All software updates are signed by Google. Google Nest Wifi can’t download or run any software that isn’t signed and verified.


All communication between Google Nest Wifi and Google is secured by Transport Layer Security (TLS). This is a protocol that ensures privacy between a device and a server, making sure no one else sees or tampers with the message.

Was this helpful?
How can we improve it?