Are Open Wi-Fi Networks Safe?
Public Wi-Fi is extremely convenient, safer than it used to be, and, of course, free. But are the risks of logging on worth it?
Public Wi-Fi is a huge convenience to people who work remotely, travel often, or just want to check social media and email quickly when they’re out and about. But in the past, open Wi-Fi has been much maligned as a dangerous Internet space where your information is at risk. Is that still true, and if so, what exactly are the dangers that come with using public Wi-Fi?
The risks depend considerably on what kind of Wi-Fi network you’re using. Public, free Wi-Fi networks—found in airports, coffee shops, and other public spaces where you should never use public Wi-Fi—often require you to type in a password, and maybe even create an account, to access the Internet; this is considered “secure Wi-Fi.” Often, though, all you need to do is “sign in” by checking off a terms and conditions agreement, or perhaps nothing at all. This should be a red flag that you’re dealing with an open Wi-Fi network, also known as an unsecured network.
Is using public Wi-Fi dangerous?
Much of the earlier danger of using public Wi-Fi has been resolved, now that most websites are encrypted with HTTPS (“hypertext transfer protocol secure”). That means that any data sent over the Internet is scrambled into a meaningless string of letters and numbers that can’t be decoded by “eavesdroppers.”
Earlier, that wasn’t the case, and hackers could easily steal your passwords when you logged into websites, snoop on your online activity, or even “inject” their own content onto the websites you visited. But by 2016, about half of all websites were using HTTPS. Now, in 2020, more than 90 percent of all web page loads in the United States use this technology. Here’s why URLs start with HTTPS.
Still, that doesn’t mean that public Wi-Fi is now completely safe. “We can’t 100 percent say, ‘If your devices are encrypted and you’re visiting encrypted websites, then you’re safe from hackers,'” warns Tom Kirkham, founder and CEO at IronTech Security. In the race to steal your data, hackers are always developing new strategies. And if you’re using an open, unsecured Wi-Fi network, all bets are off. You should always avoid doing these 14 things on public Wi-Fi.
What can happen if I use open Wi-Fi?
You run the risk of connecting to a malicious hotspot; a hotspot is simply a location where people can access the Internet, like at an airport, restaurant, or university. “Malicious hotspots…may look legitimate but they’re actually fake,” Kirkham says. “A lot of the time, cybercriminals can [still] steal passwords, install malicious software, and snoop on your computer because you’ve connected to a Wi-Fi network that is not a legitimate network,” Kirkham says.
“When a user connects to a fake Wi-Fi network or hotspot,” Kirkham explains, “they’re basically giving hackers an invitation into their device,” opening the door to what’s known as a “man in the middle” attack. Basically, when you try to connect to a specific website—say, your bank—the malicious hotspot redirects you to a website that looks like your bank’s but is not secure. When you type in your password, credit card number, or other sensitive information, hackers steal it. “It’s usually done so seamlessly that people don’t even realize it’s happening until it is too late,” Kirkham says.
A similar attack, known as the “evil twin” hack, occurs when someone sets up a network with a name very similar to the one you intended to use, and hopes you’ll connect to it by accident, so they can phish, or trick you into divulging your personal information. (If you’ve used a public network, you’ve probably seen some pretty funny Wi-Fi names.)
Even if you connect via HTTPS to a legitimate website over a legitimate network, cybercriminals could still gain some information about your browsing habits. That’s because the domain name system, or DNS, is not always encrypted. In other words, hackers could see the domain name of the sites you visit, like RD.com, but not the specific pages you visit at that domain, or the information you enter there.
What’s the best way to keep my information safe?
The good news is that you definitely don’t have to give up public Wi-Fi completely. Kirkham suggests several ways to keep your information as safe as possible while browsing.
The best defense is using a virtual private network or VPN, Kirkham says. A VPN creates a secure connection between your device and the internet by using an encrypted and secure connection to the VPN server. “It protects your data by encrypting it so malicious actors cannot tell what you are doing online,” he says.
Businesses often install VPNs on the devices their employees use while working outside the office, but they’re available to individuals as well. You can simply download one from your usual app store and install it on your personal device. Here’s how a VPN can keep your information safe on public Wi-Fi.
What else can I do to protect my data on public Wi-Fi?
- Check to make sure the website is secure. When you connect to a website, always make sure it’s secure before entering any private information. To determine if a site is secure, look for “https” in the website’s address; if it only says “http” without the “s,” do not proceed. Many web browsers, like Chrome, Edge, and Safari, also show a padlock icon in the address bar when a site is secure. Be aware that mobile apps typically don’t have anything visible to the user that indicates whether it is encrypting your data or not, so consider not using apps over public Wi-Fi if they contain sensitive information.
- Use your smartphone as a mobile hotspot. Most devices come with this ability built in, though some service providers may charge for it. “You always have the option to purchase or rent an encrypted hotspot unit,” too, Kirkham notes, as most large carriers offer them as standalone devices.
- Use two-factor authentication whenever logging into websites where it’s available. This system requires you to enter your password, then wait a few seconds for a secret code, typically a string of numbers, to be texted back to you. Then you’ll need to enter that code to gain access to the website. The practice is offered at most major websites, including Google, Facebook, Twitter, Microsoft, and Apple.
- Avoid using the same passwords across multiple sites or apps. That way, even if a scammer figures out access to one site, they won’t be able to hack into all your other accounts. You can also help safeguard your passwords by using an encrypted password manager, so you’re never entering your actual passwords online.
- Turn off file sharing. If you normally use file sharing on your computer at work, or even at home with other family members, be sure to disable it before using public Wi-Fi.
- Remember to log off. “You don’t want to just close the tab or app when you’re done, because some browsers automatically save your credentials for easy login,” the next time you use a site, Kirkham says. When you’re finished online, be sure to log off the website or app as well as the network to ensure no one else can access those credentials.
- Make sure your software is updated. Finally, be sure to keep the software on your devices up to date. They often include security patches for known vulnerabilities.
Next, read on to learn the top mobile security threats of 2021.
- Tom Kirkham, founder and CEO at IronTech Security