We last wrote a tip on public Wi-Fi back in 2015, so it’s time to revisit the topic again because free Wi-Fi is now everywhere (hotels, airports, coffee shops, restaurants, etc.). There are also a lot of different schools of thought on how safe they are and whether we really need to worry when we use them.
Here’s the bottom line:
Don’t ever use public Wi-Fi to do anything that requires you to enter personal information, EVER!
This would include information such as: social security numbers, credit card numbers, or any usernames and passwords. Yes – that means don’t check your bank account balance while you are sipping your latte at a Starbucks and are connected to their free Wi-Fi. For those of you who work in a highly regulated industry such as financial services or healthcare, you should consider not using public Wi-Fi at all. The risks far outweigh the convenience.
Here are several reasons (and there are many more) why you should stop using public Wi-Fi:
- You have no idea if the Wi-Fi network you’re on has encryption turned on or not. If it’s not encrypted, then anything you send across it has the potential for someone else to intercept and read.
- The Wi-Fi you are connecting to might not be the actual establishment’s Wi-Fi. A hacker can easily prop up their own Wi-Fi signal and disguise it to look like the place you are in. Then, when you connect to it, you are on the hacker’s network, and everything you do can be seen, read, and recorded by them.
- If a public Wi-Fi has been compromised and you connect to it, a hacker can send you a notice that you need to install an update to your system. This would of course be a piece of malware that then exploits your system and grants them access to your device.
Some things you can do when in public to protect yourself are:
- Consider using a VPN. A VPN will create an encrypted connection for you and therefore shield your information from anyone trying to intercept your data. A VPN may slow things down a bit, but it is worth the inconvenience to know that your data is secure.
- Consider using cellular. In general, carriers’ (such as AT&T and Verizon’s 4G LTE) cellular networks are more secure than public Wi-Fi because your data is encrypted. So if you are at a coffee shop and need to log in to your bank account, then do it from your mobile device while on your carrier’s cellular network. You can also leverage your cellular network further for devices other than your smartphone by getting a portable Wi-Fi hotspot. Remember to enable encryption on it and set a strong password.
- Implement two-factor authentication when logging into sensitive sites. If you’re on a compromised Wi-Fi and someone can get your login information, they won’t be able to access your account because they’ll get stuck at the two-factor authentication step.
- Only visit websites with HTTPS encryption when in public places, as opposed to lesser-protected HTTP addresses. The “S” stands for secure and means that the site is less likely to be compromised. This of course doesn’t help you if you are connecting to it from a compromised Wi-Fi network and your login information is being recorded by the bad guys.
Remember, free is free for a reason…and that young kid sitting in the corner of the coffee shop might be the next hacker looking to make a name for themselves.
Great article Richard.
What about the “Comcast Xfinity” hotspots around town that show a secure connection and you have to use your user name and password to gain access.
Great question and depending on who you talk to, you can get a variety of answers. My answer would be the same: you can’t really trust the Wi-Fi hotspot that you are connecting too even if it is coming from your cable provider. The request for you to enter your username and password is really a way to validate that you are a subscriber with Comcast/Spectrum rather than it being a secure and encrypted connection. The other thing you have to consider is that it is very easy for a hacker to prop up a network that looks like an xfinity hotspot and then allow unsuspecting users to login to it and monitor what they are doing. Hope that helps.