There are router-specific variations but in this respect I believe all consumer routers work in essentially the same fashion
The SSID was most certainly changed, and to my knowledge they didn't touch the router. Is there a way to have a password to change setting on the router that is separate from the password that allows people to connect to the router?
Yes. When you connect to the router's administrative interface via http://192.168.1.1
you should be prompted for a user name and password. Since this is a Linksys router, the default will be admin
for both. This is the administrative password, and no one else needs to know it. The first thing you should do is change it to something else (in the Administrative Management section of the UI), but it is entirely separate (and should be different) from the passphrase you set up for WPA2 security in the wireless section of the interface (which is, in turn, different from the password you might set up for Guest access). Only you need to know the Admin password you have set (and as a further precaution, you can set the admin interface to only be available via wired connection, so that no one can even access the administrative interface via WiFi). Other users of the network only need to know the WPA2 passphrase, or if you just want to give them guest access, the guest passphrase.
Edit: I just looked at the manual
. Logging into the router is on page 6, which directs you to changing the admin password on page 41; while you are there you can also disable access (to the admin interface) via wireless. Setting passwords for network access is on 14 and guest access is on 18.
It's possible you used their setup software, which may have called these things something different or otherwise confused the issue, but you can still log into the router directly and do this.