Without arguing the semantics, yes the statement is true.
There are multiple standards for WIFI encryption including WEP, WPA and WPA2. WEP is compromised, so if you are using it, even with a strong password it can be trivially broken. I believe that WPA is a lot harder to crack though (but you may have security issues relating to WPS which bypass this), and as of October 2017, WPA2 also offers questionable security. Also, even reasonably hard passwords can be brute-forced - Moxie Marlinspike - a well known hacker offers a service to do this by for US$17 using cloud computing - although its not guaranteed.
A strong router password will do nothing to prevent someone on the WIFI side transmitting data through the router, so that is irrelevant.
A hidden network is a myth - while there are boxes to make a network not appear in a list of sites, the clients beacon the WIFI router thus its presense is trivially detected.
MAC filtering is a joke as many (most/all?) WIFI devices can be programmed/reprogrammed to clone an existing MAC address and bypass MAC filtering.
Network security is a big subject, and not something amenable to a Superuser question, but the basics are that security is built up in layers so that even if some are compromised not all are - also, any system can be penetrated given enough time, resources and knowledge, so security is actually not so much a question of "can it be hacked", but "how long will it take" to hack. WPA and a secure password protect against "Joe Average".
If you want to enhance the protection of your WIFI network you can view it as a transport layer only, and encrypt and filter everything going across that layer. This is overkill for the vast majority of people, but one way you could do this would be to set the router to only allow access to a given VPN server under your control, and require each client to authenticate across the WIFI connection across the VPN - thus even if the WIFI is compromised there are other [harder] layers to defeat. A subset of this behaviour is not uncommon in large corporate environments.
A simpler alternative to better securing a home network is to ditch WIFI altogether and require only cabled solutions. If you have things like cellphones or tablets this may not be practical though. In this case you can mitigate the risks (certainly not eliminate them) by reducing the signal strength of your router. You can also shield your home so that frequency leaks less - I've not done it, but strong rumour (researched) has it that even aluminum mesh (like fly screen) across the outside of your house, with good grounding can make a huge difference to the amount of signal that will escape. [ But, of-course, bye-bye cellphone coverage ]
On the protection front, another alternative may be to get your router (if it's capable of doing it, most aren't, but I'd imagine routers running openwrt and possibly tomato/dd-wrt can) to log all packets traversing your network and keeping an eye on it - Hell, even just monitoring for anomalies with total bytes in and out of various interfaces could give you a good degree of protection.
At the end of the day, maybe the question to ask is "What do I need to do to make it not worth a casual hackers time to penetrate my network" or "What is the real cost of having my network compromised", and going from there. There is no quick and easy answer.
Update - Oct 2017
Most clients using WPA2 - unless patched - can have their traffic exposed in plaintext using "Key Reinstallation Attacks - KRACK" - which is a weakness in the WPA2 standard. Notably, this does not give access to the network, or the PSK, only to the traffic of the targeted device.
26With the right tools and enough time anything is possible. – joeqwerty – 2014-03-24T22:57:46.927
61MAC filtering is absolutely pointless – Ramhound – 2014-03-25T01:30:04.963
@Ramhound I wouldn't say any security measure is pointless, unless it introduces security holes. The knowledge base for MAC spoofing I would agree is the same as identifying 802.11 authentication vulnerabilities but I definitely would not go so far as to say pointless – Mondrianaire – 2014-03-25T17:35:45.250
5@Mondrianaire - I would. Its trivial to mask your actual MAC address. An access point will basically broadcast the MAC addresses it will listen to. Furthermore in order to connect to an access point the MAC Address is sent unencrypted over the network. – Ramhound – 2014-03-25T18:38:57.630
12@Mondrianaire For internet access, my college network required signing up, and later would identify you by MAC address. It was trivial to spoof the address of one of my dorm neighbors. If I had done anything bad using that connection, it would have been identified as her doing it. I'd say MAC address filtering is one of those things that is too easy to create a false sense of security. – Izkata – 2014-03-25T18:53:27.477
@Ramhound I am in no way arguing what degree of security MAC filtering adds, only that *if a properly implemented security measure does not decrease security, it is not trivial to implement*. It is absolutely probable that someone who Youtubed 'how to hack the wifi' ran across a tutorial on reaver and are just plugging and chugging. After all, even though your back door might have a deadbolt, I bet the screen door still has a locking mechanism. Example thread: http://www.backtrack-linux.org/forums/archive/index.php/t-47038.html
– Mondrianaire – 2014-03-25T19:17:37.9838Well I am saying MAC filtering is not a security feature – Ramhound – 2014-03-25T19:19:37.083
10@Mondrianaire - It does introduce a hole. If someone is masking their MAC address as a belongs-here address, it's one less clue that someone who isn't supposed to be there has been on your network. If you aren't filtering MAC addresses, they probably won't bother to do that. – Compro01 – 2014-03-27T05:00:27.763
There are codes that allows you to clone MAC address, which is especially common in routers. When I saw that it can be cloned, it already told me that MAC address filtering should be as a "secondary" addition to your security, but definitely not part of top level of the security implementation. – Faron – 2014-03-27T21:46:31.057
Can anyone advise why MAC filtering is not a security feature? I understand a MAC address can easily be spoofed but how can the attacker know one of the MAC addresses on the whitelist without being connected to the network? – Andy – 2014-03-28T12:17:11.743
I did it a few years ago with a guide and simple knoppix distro full of security tools. Took only 45 seconds to get the WEP code with only 1 hour of logging the IV's. – DustinDavis – 2014-03-28T19:40:17.780
@Mondrianaire The locking mechanism on screen doors is to prevent the wind from pushing the screen open when you want the airflow into the house (and to keep the bugs out). – Izkata – 2014-03-29T18:38:50.720
@izkata The latching mechanism is separate from the locking mechanism. – Mondrianaire – 2014-03-29T20:13:30.973
@Mondrianaire In which case, no, none of our 3 screen doors had a locking mechanism. – Izkata – 2014-03-29T23:18:22.957
@izkata You have obviously lost the point of the argument in semantics. – Mondrianaire – 2014-03-29T23:49:19.163
1
Safes and door locks are rated in time to bypass (http://www.lockwiki.com/index.php/UL_437). Security is never a yes/no question. A better question to ask is how long do different security measures protect against covert entry.
– ghangas – 2014-03-30T19:02:50.2771
Defense in Depth (http://en.wikipedia.org/wiki/Defense_in_depth) "Rather than defeating an attacker with a single, strong defensive line, defence in depth relies on the tendency of an attack to lose momentum over a period of time or as it covers a larger area." The point of layering WPA2, a hidden SSID, MAC access filtering, strong passwords, and everything else together is never to defeat intrusion attempts. The point is to make the attempt egregious enough that the attacker will move on to an easier target.
– JMD – 2014-03-31T16:37:07.187I have the same question as Andy, while Mac Address is not the end all, doesn't help in that you would need to know the Mac Address to filter first. Also if two devices are connected with the same MAC address (or the second one tries to connect) wouldn't that be an indication of a problem. Are there any routers out there that will prevent two of the same MAC Addresses? – Mike – 2014-03-31T18:33:32.347