teceem: Disabling SSID and MAC filtering is on top of WPA2+good/pass.
WPA2 isn't perfect, but I can't imagine that anyone with the know-how to circumvent it is going for random users just for the free internet or sniffing around their files.
The fact that you can play as a "script-kiddy" and just download a piece of software on any platform and just scan I'd say it's pretty easy, even if they don't know the inner workings of such.

But no, SSID was never made and is not meant to be hidden or even encrypted. The 802.11 wireless spec requires access points to broadcast their SSID openly and while some companies implemented methods of "hiding it", it's like hiding a massive pink elephant in a forest. Software like InSSIDer, airodump-ng, NetStumbler, Kismet etc. can find it in a couple of seconds and it doesn't matter if you set the AP to hide it, or use WEP or WPA2. It's a total myth that needs to be killed off sooner rather than later. The only thing it does is to make it WORSE for those who actually need access to the network as they need to manually enter everything by hand, which is far more time-consuming than sniffing it off open signals.

It's like DRM - it hurts those with legal access the most.

Not to mention, clients will periodically leak the SSID of the hidden network even if the network isn't around.

"Introduction - Why Non-broadcast Networks are not a Security Feature"
https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb726942(v=technet.10)?redirectedfrom=MSDN#EDAA

And as far as I remember, the old IEEE 802.11 doesn't encrypt L2 datagram headers, as in MAC addresses, so only the data are both encrypted and authenticated. In any case, MAC filtering is used for legitimate administration reasons inside a network with e.g. VLANs or to use a timed whitelist etc.

If you want to do it then by all means do it, but don't say it's an added security measure because it isn't, and it adds more hassle than it's worth.

Again, best measure to prevent unauthorized access is as simple as having a long password/passphrase with WPA2+ and regularly change it, deny WLAN and WAN access to router, updated router etc.

If you have a 10 million dollars secret on your computer - for christ sake, plug it off the Internet :D
Post edited October 25, 2020 by sanscript
jhAtgog: Yup, the Shield is actually pretty cool. I am seriously considering getting one for a long time now.
teceem: Not relevant for you, but the latest Shield update now has SMB3 Server functionality (long overdue).
The support/updates/functionality the Shield gets doesn't compare to any other media player. The Xtreamer I had 10+ years ago now just seems "funny".
jhAtgog: I live in one of those countries you mentioned - that is why non-commercial public Wifi is such a rare phenomenon here compared to other countries, which really sucks.
teceem: I'd say it only sucks if you can't even afford the cheapest mobile internet (4G). I have pre-paid and because of working at home (covid reasons) I don't even need it most of the time (thus not paying for it).
Over here... some ISPs (the big ones) have non commercial hot spot functionality that's built-in into their modem/routers, completely separate from personal networking. Downside: only accessible to customers of those ISPs.
it might be, because I am an old fart, but I really like the idea of a free accessible internet for everybody everywhere, but I agree, Covid home-office and lock-downs reduced the need for free wifi a lot.

4G is not really comparable to cable based internet here - a cell is a shared medium with bandwidth and RTT fluctuations, especially if your cell is pretty full. Good luck if everybody and his brother decides to watch Netflix if you are currently doing some multiplayer gaming.
Have you considered the joyful world of flashing custom firmware?
Seb7: Well, my method is a bit stone-age method as I switched off WIFI signal and I am on cable.
Yeah... too bad I can't use that as then I'd have to use dozens of meters of cable to reach two of my PCs which are in other rooms, and my kids' tablet would be without an internet connection altogether. Oh right and my Chromecast device wouldn't work either as it requires a wifi connection.

Anyway, I use the more common methods like:
- changing the router admin password (and changing the admin username as well, if possible)
- a strong WPA2 password
- using the router in NAT mode, not bridged. If I'd need to use a PC as a server, I would use port forwarding for the relevant ports.
- making sure the router firmware is up to date; in my case it is my ISP's router so they automatically update the firmware, I believe (not sure if the ability to update the firmware should be considered as a security threat..).

I haven't used e.g. MAC filtering because but I guess I could prevent SSID broadcasting, but all in all I am more concerned about attackers from the internet than my neighbors trying to use my internet connection.
Post edited October 25, 2020 by timppu
sanscript: Again, best measure to prevent unauthorized access is as simple as having a long password/passphrase with WPA2+ and regularly change it, deny WLAN access, updated router etc
Unless you leak your user/pw (or re-use it), changing it regularly doesn't provide extra security. For most people it even has the opposite effect; when forced to often change their password, they'll start picking easier ones (to memorise).
jhAtgog: it might be, because I am an old fart, but I really like the idea of a free accessible internet for everybody everywhere, but I agree, Covid home-office and lock-downs reduced the need for free wifi a lot.

4G is not really comparable to cable based internet here - a cell is a shared medium with bandwidth and RTT fluctuations, especially if your cell is pretty full. Good luck if everybody and his brother decides to watch Netflix if you are currently doing some multiplayer gaming.
I mentioned 4G for mobile internet (when non commercial public hotspots are the alternative), not for use at home.
Sure, I know that there are still plenty of areas in the world (rural areas/poor countries) where cabled internet is rare and the local ISPs work with 3G/4G modems... but I wasn't thinking/talking of that.
Post edited October 25, 2020 by teceem
teceem: Unless you leak your user/pw (or re-use it), changing it regularly doesn't provide extra security. For most people it even has the opposite effect; when forced to often change their password, they'll start picking easier ones (to memorise).
Depends. Normally I recommend (long) passphrases that are easier to remember for normal users, than writing it on a postit note and forget about throwing it away. When I personally change (even locally) I always log out and in again a couple of times to remember the new one better.

Ex: I_have_5_horses_in_my_teeth
is far better than g6FDHs4w5 for a normal user.

Remembering the past passwords is thankfully pretty common nowadays, so reusing is frowned upon.

But changing it does provide an extra security measurement depending on what you are securing. Companies do rotate passwords/passcodes often if there is a need for it. How much is the information/object worth and how much should we use on securing it? There's always a trade-off either way.
Post edited October 25, 2020 by sanscript
sanscript: Depends. Normally I recommend (long) passphrases that are easier to remember for normal users, than writing it on a postit note and forget about throwing it away. When I personally change (even locally) I always log out and in again a couple of times to remember the new one better.

Ex: I_have_5_horses_in_my_teeth
is far better than g6FDHs4w5 for a normal user.
This has been illustrated on XKCD here:

https://xkcd.com/936/

Also a password generator for "correct horse battery staple"-like passwords exists (of course it does ^^):

https://correcthorsebatterystaple.net
sanscript: Depends. Normally I recommend (long) passphrases that are easier to remember for normal users, than writing it on a postit note and forget about throwing it away. When I personally change (even locally) I always log out and in again a couple of times to remember the new one better.

Remembering the past passwords is thankfully pretty common nowadays, so reusing is frowned upon.

But it does provide an extra security measurement depending on what you are securing.
Sure theoretically speaking, every added security measure improves security. If you turn your house into Fort Knox it will be safer from most burglars.
But in practice, security is preferably "reasonable". And I think that regularly changing a non-leaked/reused password (and/or username) is (usually) unbalanced on the effort/security scale.

sanscript: Companies do rotate passwords/passcodes often if there is a need for it. How much is the information/object worth and how much should we use on securing it? There's always a trade-off either way.
The company I work for decided a couple years ago that providing mandatory security courses is better than forcing its employees to change their password monthly (now it's every 6 months).
It's different from the perspective of a company. They can never be sure about how each employee treats their log in information. Me, as an individual - I know perfectly well that my router/pwa login has never been leaked, reused, and is unlikely to be brute forced, guessed or phished.
Post edited October 25, 2020 by teceem
Gentlemen! you are representing very high level of knowledge that I need to study now.

This is what my internet provider is proposing me to secure my WiFi network

Yes, after I met Kali I switched to cable : ) and there is no local network in place as I have two more internet sources (mobiles with fair internet plans) and can create a portable hotspot with my mobile just in case (on a top I am not turning on my wifi in mobile when home). My printer is occasionally wified by its own wifi to laptop and I don't really need to switch cable between laptop and tv, as it is set (hdmi connected). Yes meters yards. There are
https://www.google.com/search?client=firefox-b-d&q=cable+hider
that helps with copper wires : )
I apologise for not stating my infrastructure at start and what do I know already, but for sake of your inspiring posts and conversation I would do that again.

Please let me study for few hours, and more comments welcome.

edit 21:11 26/10/2020: Thank you so much for your help! All of You! I starred subjectively suitable explanation / solution
I will read this Topic again and again... Thank You All ! and All +1
Post edited October 26, 2020 by user deleted
teceem: The company I work for decided a couple years ago that providing mandatory security courses is better than forcing its employees to change their password monthly (now it's every 6 months).
It's different from the perspective of a company. They can never be sure about how each employee treats their log in information. Me, as an individual - I know perfectly well that my router/pwa login has never been leaked, reused, and is unlikely to be brute forced, guessed or phished.
i like your company. :)
jhAtgog: i like your company. :)
I don't think it's exceptional - most big multinationals can pay an army of IT professionals that keep up with the latest research/papers/specialised news articles. ;-)
The downside is that sometimes they're not very good at dealing with non-centralised exceptions. It's like that for every aspect of society: balancing the needs of the many versus the needs of the few (and realising that they're not necessarily separate issues).
Post edited October 25, 2020 by teceem
In order to secure your Wi-Fi router, you need to properly encrypt the WLAN and choose a random and secure password. At least that was what they told me when I called for help. They did not help me much, but I managed to find my router IP, which was 10.0.0.1. With that info, it was easy to find the password online and set up everything. You are the best help you will ever get, and don't rely much on the customer service guys. I trust them only when there is some Indian guy that really knows what he is doing. You can find a guide that will show you what to do, step by step.
Post edited January 19, 2021 by BrandonSpringery
jhAtgog: And yes, I totally agree that WPA2-PSK with a long PSK and firmware that is up to date is good enough for a home network.
Make that WPA2-PSK with CCMP (AES). Theoretically, some routers will still allow you to use TKIP or even worse, use it by default - and TKIP is no longer secure. TKIP in conjunction with a weak PSK will get your WiFi network infiltrated in a matter of minutes on commodity hardware (someone with a decent laptop that's in range and can intercept traffic for example).
Consider installing the OpenWrt system on your router.
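
As an added example (not part of any post in this thread, and not OpenWrt project code): a small Python check over an OpenWrt-style `/etc/config/wireless` file that flags the settings discussed above, namely TKIP instead of CCMP, short keys and hidden SSIDs. The sample config, its section names and the 16-character threshold are constructed assumptions, and the parser only handles single-quoted option values.

```python
import re
# Constructed sample in OpenWrt /etc/config/wireless (UCI) syntax; not from the thread.
SAMPLE_UCI = """
config wifi-iface 'home'
    option encryption 'psk2+ccmp'
    option key 'I_have_5_horses_in_my_teeth'

config wifi-iface 'legacy'
    option encryption 'psk2+tkip+ccmp'
    option key 'g6FDHs4w5'
    option hidden '1'

config wifi-iface 'guest'
    option encryption 'none'
"""
MIN_KEY_LEN = 16  # assumption: local policy threshold, not an OpenWrt default

def parse_ifaces(text):
    """Return {section: {option: value}} for each wifi-iface section."""
    ifaces, current = {}, None
    for line in text.splitlines():
        sec = re.match(r"\s*config\s+(\S+)(?:\s+'([^']*)')?", line)
        opt = re.match(r"\s*option\s+(\S+)\s+'([^']*)'", line)
        if sec:  # a new section starts; only wifi-iface sections are audited
            wanted = sec.group(1) == "wifi-iface"
            current = ifaces.setdefault(sec.group(2) or f"@{len(ifaces)}", {}) if wanted else None
        elif opt and current is not None:
            current[opt.group(1)] = opt.group(2)
    return ifaces

def audit(text):
    """Return {section: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for name, opt in parse_ifaces(text).items():
        enc, key, found = opt.get("encryption", "none"), opt.get("key", ""), []
        if enc == "none":
            found.append("open network: no encryption")
        elif enc.startswith("wep") or "tkip" in enc:
            found.append("WEP/TKIP enabled: switch to psk2+ccmp")
        if enc != "none" and len(key) < MIN_KEY_LEN:
            found.append(f"key shorter than {MIN_KEY_LEN} characters")
        if opt.get("hidden") == "1":
            found.append("hidden SSID: no protection, clients still reveal the name")
        report[name] = found
    return report

if __name__ == "__main__":
    for section, findings in audit(SAMPLE_UCI).items():
        print(section, findings or "ok")
```
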
BrandonSpringery: In order to secure your Wi-Fi router, you need to properly encrypt the WLAN and choose a random and secure password.
Thanks for the necro! It gave me a chance to be security Nazi.