You’re in between flights and you’re on a deadline. That “Free Public Wi-Fi” sign on the wall next to your gate looks tempting, but you pause before logging in—don’t hackers lurk on public Wi-Fi, just waiting for clueless passengers like you to open the floodgates to all your personal information?
The answer is yes, they do. But that doesn’t mean you have to give up public Wi-Fi altogether. There are plenty of ways to protect yourself and your sensitive info while using free public Wi-Fi. We’ll explain how hackers use public Wi-Fi to sneak into your accounts, and we’ll walk you through the steps you should take to fly under their radar and browse safely whether you’re at the airport, your mechanic’s shop, or your favorite restaurant.
The best way to beat a hacker is to think like one. Stay one step ahead by understanding how hackers and identity thieves try to take advantage of unsuspecting public Wi-Fi users.
Like luring in kids with candy, hackers will try to lure you in with the promise of a free, easy, open Wi-Fi network. The catch? They’re in control, and they can see everything you’re doing online.
Hackers may use open file sharing networks and AirDrops to infect your computer with malicious software (malware) or other viruses that can open up holes in your system and let them in.
System Upgrade Alerts
You might think that performing a system upgrade will help keep you safer, but it could be a hacker acting like a wolf in sheep’s clothing. Anytime you click on an alert while you’re on public Wi-Fi, you could end up with a virus instead of an upgrade.
Simply put, if you’re using the same network as a hacker, they can see everything you’re doing online, including the sites you visit, the passwords you use, and the personal information you share. Armed with that information, they can use it to steal money from your bank account, open up fraudulent accounts in your name, and commit a host of other damaging crimes.
Know the Wi-Fi You’re Using: Secured vs. Unsecured
Anytime you use public Wi-Fi managed by someone else, it’s always somewhat unsecured. Unlike your home Wi-Fi, you don’t know who else has the password, so you don’t know who else might be on the network with you. For that reason, you should treat every public Wi-Fi network as potentially unsafe.
Unsecured Wi-Fi (aka, “open” Wi-Fi) is the kind you find at McDonald’s and airports: no password needed. As long as you’re in range of the router, anyone can hop on the Wi-Fi and surf the web to their heart’s content. Unsecured Wi-Fi is about as public—and as risky—as you can get.
Secured Wi-Fi (aka, “semi-open” Wi-Fi) typically requires a little more work to access than unsecured. You will usually need a password to log in, and you may be required to check a box on a terms and conditions page before gaining internet access. Some businesses also require a purchase before you can access their secured Wi-Fi. If you have a choice, always opt for secured Wi-Fi.
Follow These 8 Public Wi-Fi Safety Rules
Just like knowing the dangers of sun exposure doesn’t mean you should never go outside, knowing the security risks of using public Wi-Fi doesn’t mean you should never use it. Here are your hat and sunscreen equivalents for enjoying public Wi-Fi:
1. Enable firewalls and antivirus software.
Firewalls and antivirus software can warn you of suspicious websites and files, and protect your system against hackers trying to get at your data.
2. Turn off automatic connectivity features, including Bluetooth, before you log in to public Wi-Fi.
Turn off all features on your phone, laptop, or tablet that allow your device to automatically connect with another device or public wireless networks. This includes file sharing, AirDrop, and printer sharing.
3. Choose your public Wi-Fi wisely.
You want Wi-Fi that is secure, legitimate, and has as few users as possible. Look for a network that is password-protected, connected to a high-profile brand (like Starbucks), and tied to a business with small square footage. Password protection and small square footage limit the traffic on the network, and high-profile brands are more likely to run a tighter network ship because they have more to lose from a hacking scandal.
Pro Tip: If you want to avoid big airport Wi-Fi networks with lots of users, check out WiFox. It uses a crowd-sourced map to give you free public Wi-Fi spots and passwords for airport restaurants and lounges all over the world. Purchase the app or use the website for free.
4. Never download or install anything while on public Wi-Fi.
Don’t click on any pop-up windows asking you to install or download something in order to log on to free public Wi-Fi. Don’t download anything from the web, and always avoid doing any system upgrades or updates while on public Wi-Fi.
5. Look for the HTTPS padlock.
When possible, make sure every site you use has that little “s” for “secure” after the HTTP in the web address and the padlock symbol to the left. HTTPS sites are more secure than HTTP sites because they use encryption to protect any data you might send to the site’s server.
Pro Tip: Try the HTTPS Everywhere browser extension to automatically direct your web browsing to the secure HTTPS versions of sites, rather than their unprotected HTTP counterparts.
6. Don’t input any personal information on any sites you visit on public Wi-Fi.
Even with the HTTPS, it’s still risky to input any personal info while you’re using public Wi-Fi.
7. Limit the number of public Wi-Fi hotspots you use.
Just like you limit your risk of catching a cold by avoiding the number of strangers’ hands you shake in a day, you’ll limit your exposure to public Wi-Fi danger by limiting the number of open networks you connect to.
8. Always “forget” the network after you use public Wi-Fi.
Be sure to click the “forget network” option on your network preferences once you finish using an open network. This will prevent your device from automatically connecting to it again without your permission.
Beef Up Your Security
If you’ve made it through the do’s and don’ts and you’d still like to take advantage of free public Wi-Fi hotspots, here are a few additional security measures you can take to protect yourself out in the public Wi-Fi jungle.
Keep your security updates current.
Yes, they take forever and they’re a big pain, but keeping your device’s security updates current will keep you safer on public Wi-Fi.
Use two-factor authentication on your accounts.
Two-factor authentication requires you to use a password and something else—like a security question or a PIN—to get access to an account. Using this on all your accounts is a good way to thwart any hackers who might get your password.
Use a VPN (Virtual Private Network).
A VPN lets you surf the web anonymously by routing all your web activities through a secure, encrypted server. VPNs are a good choice if you’re a frequent traveler on public transport. Keep in mind that paid VPN services are more reliable and secure than free ones, and they cost only a few bucks a month.
Consider Safer Alternatives to Public Wi-Fi
If you’ve decided public Wi-Fi is too risky and you’d like to avoid it altogether, here are a few safer alternatives for you to consider.
Use free hotspots offered by your cell or cable company.
Many companies now offer their registered customers exclusive access to public Wi-Fi hotspots.
Use an unlimited data plan on your smartphone.
If you just want to use the internet to play games and surf social media, using unlimited data on your phone is a safer choice than logging on to public Wi-Fi.
Use your smartphone as a private hotspot.
If you need to use a computer or tablet, consider using your phone as a hotspot to connect to Wi-Fi so you can still conduct your online business in private.
What is an MITM attack?
MITM stands for “Man in The Middle,” and an MITM attack is just what it sounds like: a hacker virtually places himself invisibly between your device and the server for a website you’re using. MITM attacks can happen when a hacker is sharing a public network with you.
Are mobile apps safe to use on public Wi-Fi?
Not always. Most companies’ mobile apps don’t have the level of encryption that their HTTPS websites do. If you have to use your phone to conduct transactions involving sensitive info, it’s best to use your browser and go directly to the website instead.1
Can I install a VPN on a loved one’s device?
Yes. VPNs are an effective protective measure for devices whose users may not be as vigilant about potential threats. If you want to increase internet safety for kids, installing a VPN on their device is a good way to allow them to still access public Wi-Fi without running the risk of them accidentally being hacked. VPNs are also good for keeping seniors safe online.
Kasey is a trained Community Emergency Response Team (CERT) member and a freelance writer with expertise in emergency preparedness and security. As the mother of four kids, including two teens, Kasey knows the safety concerns parents face as they raise tech-savvy kids in a connected world, and she loves to research the latest security options for her own family and for SafeWise readers. Learn more