How to Avoid Security Risks on Public Wi-Fi Networks

Updated: Nov. 06, 2023

Protect your personal information by taking precautions when using public network Wi-Fi

Public network Wi-Fi is a huge convenience to people who work remotely, travel often or just want to check social media and email quickly when they’re out and about. But in the past, open Wi-Fi has been maligned as a dangerous internet space where your information is at risk. Top online security concerns include spyware and harmful sites created to trick you into giving up passwords or installing malicious software.

No Wi-Fi network is completely risk-free, but the safety of your personal information depends considerably on what kind of Wi-Fi network you’re using. Your home Wi-Fi probably isn’t a public network and should be safe. But the free Wi-Fi you encounter at airports, doctor’s offices, coffee shops and other public spaces is another story. Hotel Wi-Fi can also be a threat to your security. Usually, the business discloses its Wi-Fi password so you can type it in, and it might even require you to create an account before you can access the internet; this is considered secure Wi-Fi. Often, though, all you need to do is “sign in” by checking off a terms-and-conditions agreement. And sometimes you don’t have to do anything at all. Consider this a red flag that you’re dealing with public network Wi-Fi, also known as an unsecured network.

Like using good passwords and knowing how to tell if your computer has been hacked, being able to identify the places where you should never use free Wi-Fi based on signs of a shady open Wi-Fi network is a key step in ensuring you stay safe online. So read on to find out what’s at risk when you log on in public and the pros and cons of using public Wi-Fi.

Is public Wi-Fi safe?

Much of the earlier danger of using public Wi-Fi disappeared when websites became encrypted with HTTPS (hypertext transfer protocol secure). When a URL contains HTTPS, any data sent over the internet is scrambled into a meaningless string of letters and numbers that can’t be decoded by “eavesdroppers.”

Earlier, that wasn’t the case, and hackers could easily steal your passwords when you logged in to websites, snoop on your online activity or even inject their own content onto the websites you visited. But by 2016, about half of all websites were using HTTPS.

Now, more than 99% of all browsing time on Chrome is on HTTPS websites. Other browsers are close behind, with 97% of Windows browsing and 95% of Android browsing taking place on HTTPS sites.

Still, that doesn’t mean that public network Wi-Fi is now completely safe. “We can’t 100% say, ‘If your devices are encrypted and you’re visiting encrypted websites, then you’re safe from hackers,'” warns Tom Kirkham, founder and CEO of IronTech Security. In the race to steal your data, hackers are always developing new strategies.

And if you’re using an open, unsecured public Wi-Fi network, all bets are off. “Ultimately, it’s every user’s responsibility to be vigilant about protection,” Kirkham says. “The more private you are, the more secure you are.”

Why should we not use public Wi-Fi?

Public network Wi-Fi can expose users to potential security risks, particularly on sites where you are the product, according to Kirkham. “With anything free, like Facebook or Google, you are the product, not the customer,” he says. “They are selling your personal information. Security is a hindsight priority.”

For that reason, Kirkham strongly advises against using these sorts of sites on public network Wi-Fi. “In the worst-case scenario, that data could be used for extortion or identity theft.” Other, less severe (but more common) consequences of using public Wi-Fi without taking proper precautions include the following:

Malicious hot spots

A hot spot is simply a location where people can access the internet, like an airport, restaurant or university. “Malicious hot spots … may look legitimate, but they’re actually fake,” Kirkham says. “A lot of the time, cybercriminals can [still] steal passwords, install malicious software and snoop on your computer because you’ve connected to a Wi-Fi network that is not a legitimate network.”

Man-in-the-middle attacks

“When a user connects to a fake Wi-Fi network or hot spot,” Kirkham explains, “they’re basically giving hackers an invitation into their device.” This opens the door to what’s known as a man-in-the-middle attack.

It works like this: When you try to connect to a specific website—say, your bank—the malicious hot spot redirects you to a website that looks like your bank’s but is not secure. When you type in your password, credit card number, email address or other sensitive information, hackers steal it. “It’s usually done so seamlessly that people don’t even realize it’s happening until it is too late,” Kirkham says.

Evil twin attacks

Similar to man-in-the-middle attacks, “evil twin” attacks occur when bad actors set up a network with a name very similar to the one you intended to use, hoping you’ll connect to it by accident. The goal: carry out phishing attacks or trick you into divulging your personal information.

Unencrypted networks

Even if you connect via HTTPS to a legitimate website over a legitimate network, cybercriminals could still snoop on your browsing habits. That’s because the domain name system, or DNS, is not always encrypted. In other words, hackers could see the domain name of the sites you visit, like, but not the specific pages you visit at that domain or the information you enter there.

How do I keep my information safe when using public network Wi-Fi?

While there are many cons of using public Wi-Fi, the good news is that you definitely don’t have to give up public Wi-Fi completely. Kirkham suggests several ways to keep your information as safe as possible while browsing.

Use a VPN

One of the best ways to keep your information safe on public Wi-Fi is to invest in a virtual private network. Better known as a VPN, it creates a secure and encrypted connection between your device and the internet. “It protects your data by encrypting it so malicious actors cannot tell what you are doing online,” Kirkham says.

Businesses often install VPNs on the devices their employees use while working outside the office, but they’re available to individuals as well. You can simply download one from your usual app store—Astril VPN, NordVPN and ExpressVPN are a few expert favorites—and install it on your personal device. “There are many good ones, and reading reviews can provide advice,” Kirkham notes.

Use your smartphone as a mobile hot spot

Most devices come with the ability to turn your smartphone into a mobile hot spot, though some service providers may charge for it. “You always have the option to purchase or rent an encrypted hot spot unit,” Kirkham notes, as most large carriers offer them as standalone devices.

Want to really safeguard your sensitive information? “The safest course of action is to use the phone as a hot spot and turn on a virtual private network,” Kirkham says. “This way, data is encrypted in a much stronger way. This puts Wi-Fi out of the picture. Just be certain to have a very strong password that you don’t use anywhere else.”

If you do use your phone for accessing the web in public, consider downloading a security app first.

Check the website security

Anytime you connect to a website over public network Wi-Fi, make sure it’s secure before entering any private information. To determine if a site is secure, look for “HTTPS” in the website’s address; if it only says “HTTP” (without the “S”), do not proceed. As a rule of thumb, never browse HTTP websites on public Wi-Fi.

Many web browsers, like Chrome, Edge and Safari, also show a padlock icon in the address bar when a site is secure. Be aware that mobile apps typically don’t have anything visible to the user that indicates whether your data is encrypted or not, so you may want to avoid using apps over public Wi-Fi if they contain sensitive information.

Use two-factor authentication

If a website offers this extra security step when logging in, take advantage of it. Two-factor authentication just means that after you enter your password (the first factor), you’ll need to submit a second factor to prove you are who you say you are. While there are a few ways you can verify your identity, the most common is by entering a code, typically a string of numbers, that the website or app texts to you. Most major websites offer an option for two-factor authentication.

Avoid using the same passwords across multiple sites or apps

Admittedly, using the same passwords for all your accounts makes logging in quick and easy. It also puts you at serious risk for security breaches, which is why cybersecurity experts all agree it’s a big no-no. If you’re concerned about online security, you need a different password for each account. That way, even if scammers gain access to one site, they won’t be able to hack into all your other accounts.

You can also help safeguard your passwords by using an encrypted password manager so you’re never entering your actual passwords online. Bonus: Most password managers can also create complex passwords that meet all the requirements of any site, and they’ll store them so you don’t have to remember them.

Turn off file sharing

If you normally use file sharing (with iCloud or Google Drive, for instance) on your computer at work, or even at home with other family members, be sure to disable it before using public Wi-Fi. With it turned on, your shared files and folders may be accessible to others on the same open Wi-Fi network.

Remember to log off

“You don’t want to just close the tab or app when you’re done, because some browsers automatically save your credentials for easy log-in,” Kirkham says. When you’re finished online, be sure to log off the website or app as well as the network to ensure no one else can access those credentials.

Make sure your software is updated

Finally, be sure to keep the software on your devices up to date. Instead of asking the software update warning to remind you tomorrow (and the next day and the next…), download the update as soon as it’s available. Often it’ll include security patches for known vulnerabilities.