@vecii you will probably find that it is your iPhone!

  @vecii 

It is your iPhone or iPad most likely. The feature is called "Private WiFi Address," also known as "MAC address randomization."

This is how to turn it off for Deco mesh SSID in your Apple device:

1. Open the Settings app, then tap Wi-Fi.

2. Tap the More Info button next to a network.

3. Tap to turn Private Wi-Fi Address off. 

  @Alexandre. Thank you for the reply. 

However...

It is neither my phone nor my tablet, nor any other device in my home. It is still there even after I switch off all the devices except for my PC. I also have a new unauthorized device that showed up on the client list from IoT category (which I don't have at home). 

The problem is...

They showed up even after I renewed my password. I heard in the forum that another user had suffered from a similar problem in the past. 

I find it unsafe to continue to use it this way. I will surely return the kit. 

Thank you anyway.

  @vecii 

Your concerns are understandable.

In your case, it would make sense to get WiFi mesh with whitelist (allow list) feature, which lets you explicitely permit devices to join your WiFi network.

Deco X60 runs on firmware 1.2 that does not support whitelist. It is not clear when or if TP-Link will release firmware for X60 that supports whitelist. You should return that set, your decision is correct. 

If you like Deco mesh in general and OK to give it another try, I recommend to order set of Deco X50 or Deco X55. These are similar by performance models to X60, 3-unit set X50/X55 can do. They support whitelist feature with their firmware. Deco whitelist feature is documented here, under "Wi-Fi Access Control" name: https://community.tp-link.com/en/home/forum/topic/621412

vecii wrote

  @Alexandre. 

 

I heard in the forum that another user had suffered from a similar problem in the past. 

 

  @vecii 

To address this part specifically. I also saw claims on that forum that rogue device could access Deco mesh WiFi without password. In all cases where Deco mesh was not misconfigured (i.e., Guest Network left without password) and where "MAC address randomization" was disabled, the culprit was found to be someone from the household or business sharing WiFi password.

There has not been proven case where device can connect to Deco WiFi mesh without using valid password device owner obtained through people already having it.

With whitelist feature, you will be in control of the case where SSID/password is shared without your knowledge, or you missed device with "MAC address randomization" enabled.

Even if you decided to go with different WiFi mesh brand, check in that brand forums or its Support that WiFi mesh provides whitelist (allow list) feature.

@Alexandre I appreciate all the support you provided. Thank you very much.

vecii wrote

@Alexandre I appreciate all the support you provided. Thank you very much.

  @vecii you can tell if the MAC address is a private address (and therefore not one that has been assigned by a manufacturer to a physical device), the second digit of the MAC address will begin with 2, 6, A or E.

These are the randomized MAC addresses we are seeing now, on phones, iPads and tablets.

Note also that the address list of the Deco doesn't always update quickly so removing devices and expecting them to disappear can be misleading.