Google Wifi security features

Google Wifi has several built-in security measures to protect you and your online world.


Google Wifi’s firewall creates a barrier between your Wi-Fi network and the internet, protecting your data from unsolicited connections or connection attempts. It’s a stateful firewall, which keeps track of connections (Transmission Control Protocol (TCP) streams, User Datagram Protocol (UDP) communication) traveling across it. Only data associated with a known active connection is allowed through the firewall.

Note: Settings like Universal Plug and Play (UPnP) and port forwarding allow devices to bypass the firewall and have an open connection, leaving them potentially vulnerable.

WPA2 security

Google Wifi supports WPA2, which is the latest and most popular Wi-Fi encryption protocol. This makes sure that only people with the correct passphrase can join your wireless network.

Google Wifi doesn't support older protocols like WPA and WEP because they have been deemed unsecure by the Wi-Fi Alliance and industry experts. There are also known and documented attacks against WEP and WPA. WPS, a mechanism that lets a device join a wireless network without entering a password, is also not supported for security reasons.

Automatic updates

Google Wifi receives automatic software updates to make sure you always have the latest security. These updates include open source components and go through several rigorous reviews.

And the best thing about it is, Google Wifi does all the work for you. It knows when an update is available and pushes it automatically. No need to go to a website and download a zip file or anything. Google Wifi talks directly to Google, so you don’t have to.

All software updates are signed by Google. Google Wifi can’t download or run any software that isn’t signed and verified.

You can learn about the software updates in the release notes.


All communication between Google Wifi and Google is secured by Transport Layer Security (TLS). This is a protocol that ensures privacy between a device and a server, to make sure no one else sees or tampers with the message.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue