- Public Wi-Fi Isn’t Secure
- Ways To Encrypt Your Information
- Protect Your Information When You Use Public Wi-Fi
When you’re at home, you can take steps to keep your home wireless network secure — like using a strong router password, limiting what devices can get onto your network, and turning on encryption, which scrambles the information you send over the internet into a code that can’t be read by others. But when you’re using your favorite coffee shop’s Wi-Fi, there’s not a lot you can do to control its network security.
Why does it matter? If the network isn’t secure, and you log into an unencrypted site — or a site that uses encryption only on the sign-in page — other users on the network can see what you see and send. They could hijack your session and log in as you. New hacking tools — available for free online — make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
A scammer also could use your account to impersonate you and scam people onyour contact lists, or test your usernames and passwords on other websites — including sites that store your financial information. If a scammer gets your personal or financial information, they could steal your identity.
When you sign on to public Wi-Fi, you may also be sharing your data with the companies providing the Wi-Fi. Many public Wi-Fi networks such as in airports and hotels will also prompt you to install a “digital certificate” to use their internet. They may do this to scan your traffic for malware — but this also allows them to read your traffic, even if it’s to a site using https (which encrypts information).
But there are steps you can take to protect your information, even in public.
While there isn’t much you can do to make a public Wi-Fi network more secure, you can do some things to help keep your data secure on public Wi-Fi:
- Connect to websites securely. If you see https in the web address, you have a secure connection to the website. But using https does not mean a website is legit. Scammers know how to encrypt sites, too. They know that people assume https means a website is safe — so they’ve started adding it to their websites, as well. So your data is encrypted on its way to the site, but it won’t be safe from scammers operating that site.
- Consider using a VPN app. Some virtual private networks, known as VPNs, offer encryption. Learn more about VPN apps and what to know before you download one.
- Use your mobile data. Your mobile data is usually encrypted. If you’re on the go, don’t have the option of using a secure website, and have no VPN encryption, consider using your mobile data instead of Wi-Fi. This is a good option when you’re putting personal information into apps, since it can be hard to know if they’re encrypted.
Here are some other ways you can protect your information when you’re using public Wi-Fi:
- Don’t access your personal or financial information. Always assume a public Wi-Fi network isn’t secure.
- Log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted (meaning that the URL starts with https) — from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
- Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
- Don’t use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
- Pay attention to warnings. Many web browsers alert you before you visit a scammy website or download malicious programs. Don’t ignore those warnings. Also keep your browser and security software up to date.
- Change your device’s settings so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how you use public Wi-Fi.
- Install browser add-ons or plug-ins that can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. But they still don’t protect you on all websites. Look for https in the URL to know a site is encrypted.