So you're at your favorite coffee shop and have hopped onto the free Wi-Fi with your tablet to check your social networks, read the latest news, and maybe take a quick peek at your bank balance while you're enjoying your latte. We're so used to having Internet access whenever and wherever we need it that we don't often stop to consider whether logging into a public network is safe.
Here are three major ways these free, open hotspots could get you into trouble.
The risks of free Wi-Fi
Using public Wi-Fi isn't unlike having a conversation in a public place: Others can overhear you. If you don't take precautions, information your devices send over a public Wi-Fi network goes out in clear text — and anyone else on the network could easily take a look at what you're doing with just a few simple software tools.
Someone spying could easily pick up your passwords or other private information. If you use the same password on multiple sites, that could be a big problem. Mallon reports that this is the biggest concern with public hotspots.
The next potential problem is what is called a honeypot. Thieves might set up their own Wi-Fi hotspot with an unassuming name like "Public Wi-Fi" to tempt you to connect so they can grab any data you send. These are easy to set up without any kind of special equipment — it could be done just using a laptop or smartphone — so you could run into them anywhere. News reports about honeypots pop up once or twice a year.
Finally, using public Wi-Fi puts you at risk for session hijacking, in which a hacker who's monitoring your Wi-Fi traffic attempts to take over an open session you have with an online service (like a social media site or an email client) by stealing the browser cookies the service uses to recognize who you are. Once hackers have that cookie, they can pretend to be you on these sites or even find your login and password information stored inside the cookie.
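On the service side, the defense against this kind of cookie theft is visible in the Set-Cookie response header. The following is an added example, not part of the original article, that audits such headers for the attributes that keep a session cookie off plain HTTP and away from page scripts; the header values are constructed sample data.

```python
# Added example: audit Set-Cookie headers for attributes that limit cookie theft.
# SAMPLE_HEADERS is constructed sample data, not captured from a real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; HttpOnly",
    "__Host-sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; SameSite=None",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over unencrypted
        # HTTP, where anyone on the same open network can read it.
        findings.append("missing Secure: cookie can travel over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    return name, findings

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(name, "->", findings or "ok")
```
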
How to stay safe on public Wi-Fi
Before you connect, be sure you know whose network you're connecting to so you don't fall prey to Wi-Fi honeypots. If you're not sure what the public network at a business is called, ask an employee before connecting.
Check to make sure your computer or smartphone is not set up to automatically connect to unknown Wi-Fi networks — or set it to ask you before connecting — so you always know what you're connecting to.
Make sure to connect to websites via HTTPS, which encrypts anything you send and receive from the website. While a VPN service encrypts everything you send, HTTPS ensures that communication to and from a particular website is secure. To verify that you're connected via HTTPS, look at the address bar of your browser window; you should see "HTTPS" at the beginning of the web address (or, on some web browsers, a lock icon). Looking for HTTPS isn't enough, though. Hackers have been able to acquire legitimate SSL certificates for sites whose names are slightly off from those of major financial institutions, so these sites also bear the HTTPS at the front of the URL. Such site names include banskfamerica.com, paypwil.com and itunes-security.net.
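A lookalike name like the ones above can be caught mechanically by comparing it with the domains you actually use. The following is an added example, not part of the original article; the TRUSTED allowlist and BRAND_KEYWORDS map are constructed for illustration, and the last-two-labels rule is a simplification (a production check would use the Public Suffix List).

```python
# Added example: classify hostnames against a small allowlist of trusted domains.
# TRUSTED and BRAND_KEYWORDS are constructed for illustration.
TRUSTED = {"bankofamerica.com", "paypal.com", "apple.com"}
BRAND_KEYWORDS = {"itunes": "apple.com", "paypal": "paypal.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels of the hostname (assumption: no multi-part suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host, max_dist=2):
    """Return (verdict, related trusted domain or None) for a hostname."""
    dom = registrable(host)
    if dom in TRUSTED:
        return "trusted", dom
    name = dom.rsplit(".", 1)[0]
    # A name within a couple of edits of a trusted one is a likely typo-lookalike.
    for good in sorted(TRUSTED):
        if edit_distance(name, good.rsplit(".", 1)[0]) <= max_dist:
            return "lookalike", good
    # A brand word anywhere in a host that the brand does not own.
    for keyword, owner in BRAND_KEYWORDS.items():
        if keyword in host.lower():
            return "brand-keyword", owner
    return "unknown", None

if __name__ == "__main__":
    for h in ["www.paypal.com", "banskfamerica.com", "paypwil.com",
              "itunes-security.net", "example.org"]:
        print(h, "->", classify(h))
```

A valid certificate does not change any of these verdicts: the certificate only proves the connection reaches the name in the address bar, not that the name belongs to the company you expect.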
Recently, hackers have taken advantage of a loophole in the HTTPS handshake, so they can hijack your HTTPS session. Mobile device (smartphone, laptop, tablet) and router manufacturers are working on rolling out patches to fix this (check this list to see the status of your device manufacturer). In the meantime, the way to ensure all of your data is protected is to use a VPN.
If you use a VPN service, anyone trying to steal your data will see only encrypted data that they can't get into. There are many services that can do this. Based on our own testing, as well as third-party analysis, such as PC Mag, we recommend NordVPN (Disclosure: we have an affiliate relationship with NordVPN). VPN services charge a fee for their use, with pay packages ranging from day passes to year-round protection. Keep in mind that services like Netflix may not let you connect if you're using a VPN service. Check out our tips on how to use a VPN and still access Netflix.
Whenever you can, use two-factor authentication for websites, which requires both a password and a secondary code that changes regularly. This makes it very difficult for hackers to get at your accounts because even if they can get your password, they won't have the secondary code. Though not all services support it, many popular sites offer this level of security, including Google, Facebook, Twitter, LinkedIn, Apple and Microsoft.
Make sure your computer isn't configured to share access to files or be seen on public or guest networks. When you're at home, it may be convenient to keep things in a folder you share with other members of the household, but that's less safe when you're connecting to public Wi-Fi.
Disable sharing in:
- Windows 10: Click on the Wi-Fi icon (lower right icon with a dot with curved lines). Scroll down to Change advanced sharing options > Turn off file and printer sharing and network discovery > Save changes.
- Windows 8: Go to Control Panel > Network and Internet > View network status and Tasks > Change advanced sharing settings > Turn off file and printer sharing and network discovery > Save changes.
- Windows 7: Go to Control Panel > Network and Sharing Center > Change advanced sharing settings > Home or Work > Turn off file and printer sharing > Save changes.
- Mac OS X: Go to System Preferences > Sharing and be sure that File Sharing doesn't have a check mark by it.
Good luck, and safe browsing!
[This feature has been updated on 10/9/2017]