Recommended settings for Wi-Fi routers and access points
Security
The security setting controls the type of authentication and encryption used by your Wi-Fi router. This setting allows you to control access to your wireless network, as well as to specify the level of privacy you'd like to have for data you send over the air.
Set to: WPA2 Personal (AES)
Details: WPA2 Personal (AES) is currently the strongest form of security offered by Wi-Fi products, and is recommended for all uses. When enabling WPA2, be sure to select a strong password, one that cannot be guessed by third parties.
If you have older Wi-Fi devices on your network that don't support WPA2 Personal (AES), a good second choice is WPA/WPA2 Mode (often referred to as WPA Mixed Mode). This mode will allow newer devices to use the stronger WPA2 AES encryption, while still allowing older devices to connect with older WPA TKIP-level encryption. If your Wi-Fi router doesn't support WPA/WPA2 Mode, WPA Personal (TKIP) mode is the next best choice.
Using WEP isn't recommended for compatibility, reliability, performance, and security reasons. WEP is insecure and functionally obsolete. Use TKIP if you must choose between it and WEP.
For reference, "None" or unsecured mode, provides no authentication or encryption. If you use this security mode, anyone will be able to join your Wi-Fi network, use your Internet connection, or access any shared resource on your network. Also, anyone will be able to read any traffic you send over the network. For these reasons, this security mode isn't recommended.
Due to serious security weaknesses, the WEP and WPA TKIP encryption methods are deprecated and strongly discouraged. These modes should be used only if it is necessary to support legacy Wi-Fi devices that don't support WPA2 AES and cannot be upgraded to support WPA2 AES. Devices using these deprecated encryption methods won't be able to take full advantage of 802.11n performance and other features. Due to these issues the Wi-Fi Alliance has directed the Wi-Fi industry to phase out WEP and WPA TKIP.