MyFRITZ! Service

Security tips for using MyFRITZ!

Not only computers, smartphones and smart home devices, but also routers are increasingly being targeted by hackers. Therefore, each FRITZ!Box is secured with an individual password and the integrated firewall fully protects the devices connected to the FRITZ!Box from attacks from the internet.

To offer your MyFRITZ! account and the FRITZ!Boxes registered with it the best possible protection against attacks, note the following security tips and adjust the settings of your MyFRITZ! account and the registered FRITZ!Boxes, if necessary.

1 Using individual account information

If you use MyFRITZ! to access several FRITZ!Boxes, use different account information in all of the FRITZ!Boxes. This way you can prevent unauthorized persons from accessing several FRITZ!Boxes with the same account information:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the "Add User" button.
  4. Enter an individual username for the user. Do not use a name that you already use in a different FRITZ!Box and do not use names that are easy to guess, such as admin, guest, fritzbox, remote, or user.
  5. Give the user an individual password that is strong enough. Do not use a password that you already use in a different FRITZ!Box or for a different service, such as your MyFRITZ! account, Amazon, Facebook, or Google.

    Note:You can find information on strong passwords from the National Institute of Standards and Technology and National Cyber Security Alliance (NCSA), for example. A password manager like Bitwarden or KeePass can help you keep track of things while also generating cryptographically complex passwords.

  6. Enable the option "Access from the internet allowed".
  7. Enable the option "FRITZ!Box settings" under "Rights". You can assign additional rights according to your individual needs.
  8. Click "Apply" to save the settings.

2 Using an alternative HTTPS port

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "FRITZ!Box Services" tab.
  4. Instead of the default port 443, enter an unused port from the range 1024 to 65535 in the field "TCP port for HTTPS". This makes it more difficult for unauthorized persons to determine whether it is at all possible to access the FRITZ!Box over HTTPS.
  5. Click "Apply" to save the settings.

3 Setting up additional confirmation for the FRITZ!Box

Enabling additional confirmation

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click on the "Login to the Home Network" tab.
  4. Enable the option "Extra confirmation to configure certain settings and functions".
  5. If it should also be possible to change security-relevant settings of the FRITZ!Box over the internet, enable the option "Enable confirmation via Google Authenticator app".

    Important:Enabling this option requires additional confirmation and can therefore only be done where the FRITZ!Box is located.

  6. Click "Apply" to save the settings.

Installing an authenticator app

The following steps are only necessary if it should also be possible to change security-relevant settings of the FRITZ!Box over the internet:

  1. Install an authenticator app on your mobile device that supports the TOTP procedure (for example Google Authenticator, Microsoft Authenticator, 2FAS Authenticator, Authy).

Configuring the authenticator app

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who should be allowed to change security-relevant settings over the internet.
  4. In the section "Confirmation via Google Authenticator app", click "New Setup" and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so.
  5. Select the operating system of the mobile device and enter a name for the mobile device.
  6. Open the app and set up a new account.
  7. Point the camera on the mobile device at the QR code displayed by the FRITZ!Box until it is recognized.
  8. Click "Next".
  9. Enter the code shown by the authenticator app in the field "Enter code".
  10. Click "Next" and then "Finished".

4 Setting up additional confirmation for MyFRITZ!

Protect the login to your MyFRITZ! account on myfritz.net with additional confirmation, for example with an authenticator app, a fingerprint scanner or face recognition on the mobile device, or on the computer with a USB security key (U2F security token). Here we show you how to set it up using an authenticator app as an example:

  1. Call up myfritz.net in a web browser.
  2. In the corresponding fields, enter the email address and MyFRITZ! password you used to register with MyFRITZ!, and click "Log In".
  3. Solve the CAPTCHA.
  4. Click the three-dot menu in the upper-right corner of the web page and then "Account Settings".
  5. Click "Additional protection".
  6. Click "Configure" in the section "Configure Confirmation with One-time Password".
  7. Open the app and set up a new account.
  8. Point the camera on the mobile device at the QR code displayed in the MyFRITZ! account until it is recognized.
  9. Enter the code shown by the Authenticator app in the field "Confirmation code".
  10. Click "Confirm".
  11. Click "Save" to save the recovery key for the MyFRITZ! account.
  12. Enable the option "I saved the key" and click "Finished".

Now your MyFRITZ! account and the FRITZ!Boxes registered with it are protected. See "Diagnostics > Security" for further information and recommendations on securing your FRITZ!Box.