Default Router Passwords: Complete List by Brand (2026)

You've just moved into a new place and the ISP technician left without a single rundown. Three days later you need to set up port forwarding, the setup sheet is gone, and you're staring at a login screen with no idea what to type. The default router passwords list is your first line of attack — a brand-by-brand reference that gets you back into the admin panel without a factory reset. Paired with our default router IP addresses list, these credentials unlock the control panel of every major brand. This guide gives you the full reference table, a step-by-step login walkthrough, and the security steps you must take the moment you get in.

Most modern routers print default credentials on a sticker on the underside or back of the device. But older hardware, ISP-supplied equipment, and routers that have been reset in the field don't always follow that convention. Understanding the full router login workflow — not just the credentials — separates users who get locked out repeatedly from those who handle it confidently every time.

Whether you're recovering access to an old device, setting up a new router, or troubleshooting a stubborn login screen, this reference covers credentials, login steps, common failure modes, and the long-term security habits every network owner needs.

Default Password Myths That Are Simply Wrong

Spend enough time on networking forums and you'll encounter the same bad advice recycled endlessly. These myths cause real problems — failed logins, unnecessary factory resets, and in some cases, routers that stay exposed for months because the owner assumed they were protected.

"admin/admin" Is Not Universal

The assumption that every router accepts admin/admin as default credentials is flat-out wrong. Here's what the data actually shows:

• TP-Link uses admin / admin on older models — but newer units ship with a unique password printed on the label, not a shared default.
• Netgear defaults to admin / password on most consumer devices. Not admin.
• Asus uses admin / admin on many models but forces a password change on first login — so the factory default is often already invalid.
• Linksys historically used a blank username with admin as the password. Many users fail login by typing something into the username field.
• Eero and Google Nest have no admin password at all — management happens entirely through their mobile apps, not a browser.

Trying admin/admin as a universal key wastes time and can temporarily lock you out of routers that enforce failed-login rate limiting.

The Sticker Doesn't Always Tell the Truth

Sticker credentials are accurate for factory-new devices. But consider these scenarios where the sticker gives you the wrong answer:

• The previous owner changed the admin password and never reset the router before selling it.
• An ISP pre-configured the device with a custom credential before deployment.
• The sticker was printed for a different firmware revision than what's currently installed.
• Someone performed a partial reset that cleared WiFi settings but left admin credentials intact.

Pro tip: Before assuming the sticker is wrong, confirm you're hitting the correct IP address. Accessing 192.168.0.1 when your router uses 192.168.1.1 produces a browser error that looks identical to a failed credential — it's the most common source of false troubleshooting.

Default Router Passwords by Brand: The Complete Reference

The following table covers the most common consumer and small-business routers. This is the default router passwords list you'll return to every time you set up or recover a device. Bookmark it.

Major Brand Credential Table

Mesh and ISP-Issued Routers

Mesh systems and ISP gateway devices don't follow the same conventions as retail routers. They require a different approach:

• Google Nest / Google WiFi: No traditional browser-based admin panel. Managed entirely through the Google Home app. See the 192.168.68.1 Google Nest login guide for a breakdown of what limited browser access exists on these devices.
• Eero: App-only management with no web UI. There is no default password because there is no login page.
• Netgear Orbi: Uses orbilogin.com or the default IP. Some models use the non-standard 10.168.168.1 gateway address — check that guide if the standard IP doesn't load.
• ISP-issued gateway devices: Credentials are printed on the device but are often carrier-specific. AT&T, Comcast, and Spectrum all deploy custom firmware with non-standard defaults that differ from the retail versions of the same hardware.

How to Log In Using Default Credentials

Knowing the credentials is half the battle. Getting to the correct login page is the other half. Here's the complete process from scratch, whether you're on a new setup or recovering access.

Locating Your Router's Default IP

1. Check the router label first. Most devices print both the default IP and the admin credentials on the same sticker on the underside or back panel.
2. Find your gateway via command line. On Windows: open Command Prompt and run ipconfig. Look for "Default Gateway." On Mac or Linux: run ip route or netstat -rn and look for the 0.0.0.0 route.
3. Try the most common IPs if the sticker is missing: 192.168.1.1, 192.168.0.1, and 10.0.0.1 cover the majority of consumer routers on the market.
4. Consult a full reference if those three fail. The default router IP addresses list catalogs over 50 known gateway IPs organized by brand.

Navigating the Admin Panel

1. Type the IP address directly into your browser's address bar — not the search bar. Omit "www" and any prefix.
2. Enter the username and password from the table above. If a field is listed as blank, leave it empty. Do not type a space.
3. If the page loads but credentials are rejected, jump to the troubleshooting section below before reaching for the reset pin.
4. Once logged in, locate the Administration or Advanced section — firmware UI layouts vary significantly by brand, but admin password settings are always somewhere in this area.
5. Change the admin password before touching any other setting. This is non-negotiable.

Warning: Never access your router admin panel over a public or shared WiFi connection. Any credentials you type are potentially visible to others on that network, and changes you make to your router from an untrusted connection are a security risk.

Why Default Passwords Exist — And Why They're a Security Trap

Default passwords aren't a result of lazy engineering. They exist for operational reasons. But those same reasons create a structural vulnerability that attackers exploit at scale.

The Manufacturer's Rationale

• Routers need to be accessible out of the box, before any user configuration has occurred.
• Standardized defaults enable mass deployment by ISPs and IT teams without per-device initialization.
• Printed sticker credentials give end users a recovery path without requiring a support call.
• CISA's guidance on eliminating default passwords has pushed manufacturers toward randomized per-device credentials — but adoption remains inconsistent across the industry.

The Security Reality

The problem is structural: if millions of devices ship with identical credentials, automated scanners can log in to unpatched routers without guessing. This is not a theoretical threat. Botnets like Mirai spread almost entirely by logging into routers using a fixed list of known factory credentials.

• Shodan.io indexes publicly accessible router admin panels around the clock.
• A router with default credentials and remote management enabled is accessible from anywhere on the internet — by anyone running a script against known IPs.
• Changing your WiFi password alone is not sufficient protection. The admin password is a separate credential controlling your entire network configuration. The complete walkthrough in our WiFi password change guide covers both passwords and why both matter.

When the Default Password Stops Working

Default credentials fail more often than most people expect. Run through this checklist before reaching for the reset pin — the fix is usually simpler than a full reset.

Common Causes of Login Failure

• Wrong IP address. You may be hitting your modem, a switch, or an access point instead of the router. Confirm your default gateway via ipconfig before anything else.
• Credentials changed by a previous owner. Common on secondhand routers and ISP-returned equipment. The sticker reflects factory defaults, not what the last person set.
• Browser autofill interference. Chrome and Safari sometimes pre-fill saved credentials before you can type. Clear both fields manually and retype everything.
• Firmware auto-prompted a password change. Some TP-Link and Asus firmware versions silently prompt for a new password on first boot and save it — with no visible notification afterward.
• CAPS LOCK is on. Catches more people than any firmware bug. Always check it first.
• Model-specific credentials differ from the brand default. Some routers use non-standard gateway IPs with different credential sets. The 172.16.0.1 router login guide is a good example of a less obvious address with its own credential conventions.

Hard Reset as a Last Resort

1. Locate the reset pinhole — typically on the back or underside, labeled "Reset."
2. With the router powered on, insert a paperclip and hold for 10–30 seconds depending on model. Watch the LEDs.
3. When LEDs cycle or flash in an unusual pattern, the reset is complete. Release the pin.
4. Wait 60–90 seconds for the router to fully reboot before attempting to access the admin panel.
5. Log in using the factory default credentials from the table above or the device sticker.

Important: A hard reset erases all custom settings without exception — WiFi names, passwords, port forwarding rules, DNS configuration, and any other changes. Full reconfiguration from scratch is required.

Locking Down Your Router for the Long Haul

Getting into the admin panel is step one. What you do in the next ten minutes determines whether your network stays secure or becomes an easy target the next time someone nearby runs a scan.

Immediate Changes After First Login

1. Change the admin password immediately. Use a password manager to generate a random 16+ character string. Write nothing down — store it digitally.
2. Update the firmware. Check the manufacturer's support page for the latest release. Do this before any other configuration change.
3. Disable remote management. Unless you have a specific need for WAN-side admin access, turn it off. Some models enable it by default.
4. Rename your SSID. The factory network name often includes the router model — which tells any nearby scanner exactly which vulnerabilities apply to your device.
5. Disable UPnP. Universal Plug and Play lets applications open ports automatically without your knowledge or approval. It's a convenience feature that creates real attack surface.

Ongoing Maintenance Habits

• Check for firmware updates every three to six months. Most consumer routers do not auto-update.
• Log into the admin panel quarterly and review the connected devices list and DHCP leases. Any unrecognized MAC address is worth investigating.
• Route IoT devices and guests to a dedicated guest network — keeps untrusted hardware off your primary subnet without requiring complex VLAN setup.
• When adding new hardware, reference the model-specific login guides for accurate credentials. The 192.168.4.1 router login guide is a good example of how credentials and interface layouts vary even within the same brand family.

Beginner Moves vs. Advanced Tactics

The difference between someone who uses a router and someone who manages a network isn't technical knowledge — it's habits. Here's how those two groups actually behave when dealing with default credentials and admin access.

What Beginners Do

• Leave the factory admin password in place indefinitely after initial setup.
• Never log into the admin panel again after the first install.
• Assume the WiFi password and the admin password are the same credential.
• Rely on the ISP to "handle security" without knowing what that means in practice.
• Factory reset the router every time something goes wrong rather than diagnosing the actual issue.

What Advanced Users Do

• Store admin credentials in a password manager entry that also records the router model, IP address, MAC address, and firmware version.
• Segment the network into VLANs — management traffic, IoT devices, and guests on separate subnets — using routers that support VLAN tagging natively (Asus, Ubiquiti, pfSense).
• Monitor DHCP logs for unrecognized devices on a regular schedule.
• Know every IP in active use on their network — and know where to look for brand-specific login paths, from common gateways like 10.0.0.1 to less familiar addresses like 192.168.62.1.
• Run a local DNS resolver (Pi-hole or AdGuard Home) at the router level to block tracking and ad domains network-wide.

Frequently Asked Questions

Final Thoughts

The default router passwords list in this guide gives you everything you need to get into your admin panel and take ownership of your network. Your next step is concrete: open a browser tab right now, navigate to your router's IP, log in with the credentials above, and change the admin password before you do anything else. That single action — done today — closes the most commonly exploited entry point on home and small-office networks.