So you're at your favorite coffee shop and have hopped onto the free WiFi with your tablet to check your social networks, read the latest news, and maybe take a quick peek at your bank balance while you're enjoying your latte. We're so used to having Internet access whenever and wherever we need it that we don't often stop to consider whether logging into a public network is safe.
Over the last decade, Techlicious has been tracking the dangers of using public WiFi, and we have found three major ways these free public hotspots could get you into trouble. And to keep you safe, we recommend five simple things you can do to protect your privacy when you use public WiFi.
The 3 big risks of free public WiFi
Using public WiFi is like having a conversation in a public place: Others can overhear you unless you take precautions.
1. Your personal information is sent in clear text
If you don't take precautions, information your devices send over a public WiFi network goes out in clear text — and anyone else on the network could easily take a look at what you're doing with just a few simple software tools.
Someone spying could easily pick up your passwords or other private information. If you use the same password on multiple sites, that could be a big problem. This is the biggest concern with public hotspots.
2. You connect to a honeypot WiFi hotspot set up by thieves
The next potential problem is what is called a honeypot. Thieves might set up their own WiFi hotspot with an unassuming name like "Public WiFi" to tempt you to connect so they can grab up any data you send. These are easy to set up without any kind of special equipment — it could be done just using a laptop or smartphone — so you could run into them anywhere.
3. Hackers hijack your connection to social media and other sites
Finally, using public WiFi puts you at risk for session hijacking. This is when a hacker who's monitoring your WiFi traffic attempts to take over an open session you have with an online service (like a social media site or an email client) by stealing the browser cookies the service uses to recognize who you are. Once hackers have that cookie, they can pretend to be you on these sites or even find your login and password information stored inside the cookie.
5 ways to stay safe on public WiFi
1. Know your network
Before you connect, be sure you know whose network you're connecting to so you don't fall prey to WiFi honeypots. If you're not sure what the public network at a business is called, ask an employee before connecting. And check to make sure your computer or smartphone is not set up to automatically connect to WiFi networks other than your work or home — or set it to ask you before connecting. This way you'll be sure you know what you're connecting to when you connect.
2. Keep your connection secure
Make sure to connect to websites via HTTPS, which encrypts anything you send and receive from the website. While a VPN service encrypts everything you send, HTTPS ensures that communication to and from a particular website is secure. To verify if you're connected via HTTPS, look at the address bar of your browser window; you should see "HTTPS" at the beginning of the web address (or, on some web browsers, a lock icon).
3. Use a VPN
If you use a VPN service, anyone trying to steal your personal information will see only encrypted data. Based on our own testing, as well as third-party analysis, we recommend SurfShark (on sale for $2.49 per month). It receives top marks for speed and privacy from AV Test Comparatives and is recommended by many other third party testers, including Security.org, Top10VPN, PCMag, and more. We also like the free version of ProtonVPN you're looking to protect just one device (just your laptop or just your phone). ProtonVPN is also recommended by ZDNet and Digital Trends and sits in the middle of the pack for speed, according to AV Test Comparatives.
4. Use two-factor authentication
Whenever you can, use two-factor authentication, which requires both a password and a secondary code that changes regularly, for websites and apps. This makes it very difficult for hackers to get at your accounts because even if they can get your password, they won't have the secondary code. Though not all services support it, many popular sites offer this level of security including Google, Facebook, Twitter, LinkedIn, Apple and Microsoft. Authy has a list of sites that support two-factor authentication.
5. Disable file sharing
Make sure your computer isn't configured to share access to files or be seen on public or guest networks. When you're at home, it may be convenient to keep things in a folder you share with other members of the household, but that's less safe when you're connecting to public WiFi.
Disable sharing in:
- Windows 10: Go to Control Panel > Network and Internet > Network and Sharing Center > Change advanced sharing settings. Turn off file and printer sharing and network discovery and save changes.
- Mac OS X: Go to System Preferences > Sharing and be sure that File Sharing doesn't have a check mark by it.
Good luck, and safe browsing!
[This feature has been updated on 7/23/2021]