People are addicted to free Wi-Fi. They need it, they crave it, and they don’t think twice about connecting to any network that can get them online in most cases. Getting Wi-Fi in a hotel, on an airplane, even in a restaurant or bar drives decision-making on where to go and stay. Many people even use public Wi-Fi in hotels/rentals to watch adult content—and I’m not talking about HBO Max. Yet most people can’t tell a secure Wi-Fi network from an insecure one.
For many, public Wi-Fi hotspots are too convenient to ignore. But they’re risky, especially because it’s not that hard to make sure you’re secure. Some of the tips below involve common sense; the rest you can set up before you leave the house or office. Make sure the next hotspot you connect to—be it in a café or in the sky—isn’t a security nightmare waiting to happen.
Pick the Correct Network
Have you ever tried to connect to public Wi-Fi and seen multiple network names that are similar but not the same? EricsCoffeeHaus versus EriksCoffeeHaus, or HiltonGuest versus HiltonGuests, for example. This is a tried-and-true man-in-the-middle attack used by hackers—dubbed Wi-Phishing—which tries to trick you into logging into the wrong network to get to your info. Most people don’t take the time to check, and jump on the strongest, open signal they see. But you should always check that you pick the legitimate network. Just ask someone who works there for the proper network name if it’s not posted.
When you want to pick a Wi-Fi hotspot to log into, try and find one that’s got you locked out. You read that right. Usually, if you see the lock icon, it means you can’t get access. Networks with zero security don’t have a lock icon next to them, or the word “secured,” which shows on a Windows laptop. On an iPhone, if you click an unsecured network—even if it’s your own at home—you’ll get a warning that reads Security Recommendation.
Of course, this isn’t a hard and fast rule. Some hotspots don’t show the lock because they have what’s called “walled garden” security: you have to log in via a browser to get access to the internet. The login usually is provided by the hotspot—you may get it from the front desk at a hotel, for example, while checking in.
It’s best to stick to hotspots where the provider—be it a conference, hotel, or coffee shop—provides you with a clear network to choose from, plus a password to grant access. Then you know at least you’re on the network you’re meant to be using.
Ask to Connect
You can set most devices to ask for your permission before they connect to a network, rather than just automatically connecting to the strongest open network around, or a network they’ve connected to before. That’s a good idea. Never assume the network you used in one place is as safe as one with the same name in another place. Anyone with the right tools could spoof a Wi-Fi network’s broadcast name (called the SSID).
If the device asks first, you’ve got a chance to make a decision about whether it’s safe to connect or not. On iOS for example, go to Settings > Wi-Fi, and check off Ask to Join Networks. On Android, the exact path will vary, but look for Wi-Fi preferences in Settings.
Be Your Own Hotspot
Rather than risk everyone in a group using iffy Wi-Fi, one person could designate their own device as the hotspot. Almost all laptops and phones make it easy to become your own hotspot for others. It won’t be fast, but it will be more secure.
In Windows 10, turn it on at Settings > Network & Internet > Mobile Hotspot. Pick the kind of internet connection used (if there is more than one option; this is best if you’ve got an Ethernet connection), and copy the name of the network to hand out to people (or change it), as well as the network password they need for access (or change it—it must be eight characters at least).
On macOS, go to Apple Menu > System Preferences > Sharing and click the Internet Sharing box. Pick a connection type to share, how you plan to share it (Wi-Fi, duh), then click Wi-Fi options to name your Mac hotspot and give it a password.
On iOS, go to Settings > Personal Hotspot to toggle on Allow Others to Join. You can also reset the password here to one that’s a minimum of eight characters. Android users, look for a under Settings > Network & internet > Hotspot & tethering.
Public access Wi-Fi is great, but you could just carry your hotspot with you. Cellular modem hotspots have their own battery, use cellular backhaul for an internet connection, and provide multiple people with Wi-Fi access. Sure, it costs more, but it might be worth it if you’ve got a lot of traveling ahead.
Overall, this is a lot more secure than using publicly provided Wi-Fi. It’ll just cost you more, either in money or data (or both).
Subscribe to Hotspots
Services like Boingo—which partners with others to provide access to over 1 million hotspots around the globe—or Gogo, which provides hotspots specifically for planes in flight, are two of the big names in subscription Wi-Fi services. Pay them a monthly fee—which can get pricey—and you know when you find their certified hotspots, they’re a lot less likely to be run by the bad guys. (Not impossible, but pretty unlikely.)
Never heard of 802.11u? How about Wi-Fi Certified Passpoint? They’re all the same thing: a method to help people not only securely get on a hotspot, but roam from supported hotspot to hotspot, cell-tower style. That means you enter credentials to sign in once, which get reused at hotspots all over the place, logging you in instantly and securely.
The major operating systems like Windows 10, macOS, iOS, and Android support Hotspot 2.0. In Windows, go to Settings > Network & Internet > Wi-Fi and flip the switch under Hotspot 2.0 networks to turn it on. In Android, search for it in Settings. You can find it in locations with consistent ISP providers like Optimum or Spectrum, or from paid hotspot providers like Boingo. If it’s an option for you, use it.
Avoid Personal Data in Hotspots
This is less a technical tip than a behavioral one: if at all possible, avoid doing serious tasks like bill paying, accessing your bank account, or even using your credit card when connected to public Wi-Fi. And filing your taxes at a hotspot? No way. Save those transactions for when you’re connected safely to your home network, where you’re a lot less likely to get targeted by snoops, since you already keep that one secure, right? If you absolutely must do the above, read on.
Avoid Using Your Passwords
There are a lot of passwords to remember, and you probably have to enter a few even while you’re on public Wi-Fi. But if you’ve been compromised—say some hacker is sniffing the airwaves and pulling down data—anything you type and send to the internet could be equally compromised. That’s one of the many reasons you should use a password manager. They store passwords for you and keep them encrypted, even on mobile apps. If you do use passwords, try to make sure they’re on sites where you have two-factor authentication set up.
Check for a Secure Connection
Most websites use the HTTPS protocol to support SSL (Secure Sockets Layer) to make your connection to them more secure. Browsers like Chrome warn you if you visit a site without it. You can tell if the site you’re on uses HTTPS even if you can’t see it listed in the URL (that would be the first part, as seen in “https://www.pcmag.com“). For example, a lock icon and the word “Secure” appear at the start of the address bar in the Chrome browser on the desktop (the lock appears on most smartphone browsers). There are also extensions, like the Electronic Frontier Foundation’s HTTPS Everywhere extension for Chrome, Firefox, or Opera, that try to force every site connection you make to the secure option, if available.
Use a VPN
Volume 0%This ad will end in 23 This should go without saying by now: you need a virtual private network (VPN) when you’re on a public network. While this was moderately good advice the first time we wrote this story almost a decade ago, we live in a surveillance/hacker state today that rivals that of Orwell’s 1984.
A VPN creates a private tunnel between your laptop or smartphone and the VPN server on the other end, encrypting your traffic from snoops—even your ISP or the operator of the hotspot itself. To find the one that’s right for you, read our roundup of the Best VPN Services. Put it on all your devices that use public Wi-Fi of any sort. Even on your home Wi-Fi. You’ll be glad you did. (For complete anonymity, use the Tor network.)
Turn Off Sharing
When you connect to a network with a PC, be it a Windows or Mac, the goal is typically to share some services—at the very least files and printing ability. If you leave that sharing option open at a hotspot and connect to the wrong thing, you’re giving bad guys easy access. Disable it before you go out. In Windows 10, go to Settings > Network and Internet > Wi-Fi > Change Advanced Sharing Options (on the right) and look for Guest or Public—click the down caret to open that section. Click the radio buttons next to Turn off network discovery so your PC isn’t seen, and Turn off file and printer sharing to avoid sharing.
Keep Your OS and Apps Updated
Operating system (OS) updates are an annoying yet necessary evil. Don’t be lulled into a false sense of security because you’re a Mac or iPhone user. OS updates are serious business; they often fix serious security holes. Once an update is available, everyone in the world knows about the holes in the previous iteration—if you haven’t patched it, your device becomes low-hanging fruit ready to be plucked by an opportunistic hacker.
Don’t forget mobile apps either. App updates also fix serious security holes. Especially the browser apps, but anything that goes online could be vulnerable. On iOS, go to Settings > App Store > App Updates, and toggle it on so apps update themselves. On Android devices you can do the same with Google Play > Settings > Auto-update apps, and choose whether you want auto-updates to happen over any network (such as your mobile connection) or just when you’re on Wi-Fi.