For as long as we’ve had access to public Wi-Fi networks—the ones in the airport, the Starbucks around the corner and your hotel room—we’ve been told the same thing. They’re unsafe. You should never enter sensitive information while on a public network, the advice goes, or even think about logging into your bank account. The second you log on, you’re practically begging hackers to steal all your data.
But while you should always think twice before entering sensitive information, the public Wi-Fi story has changed. In recent years, the internet itself has gotten more secure. So have your devices and the networks themselves. It’s still true that logging on to a public Wi-Fi incurs certain security and privacy risks—but they’re generally the same ones you encounter anytime you’re online, at least in the U.S. Connecting to networks comes with different risks in different countries.
If you follow a few simple tips that I’ll lay out for you, you should feel free to hop on the network whenever you find yourself killing time on a layover or waiting for food at McDonald’s .
Don’t leave off the last S
The most important contributor to your safety on public Wi-Fi has nothing to do with the Wi-Fi at all. As more websites have adopted an encrypted protocol called HTTPS—you don’t need to know the term, just that HTTP is a standard for network communication and the S stands for “secure”—everything you do online has become safer. When you visit an HTTPS-enabled website, you immediately open an encrypted connection. Even if I could intercept all the data you are sending and receiving, all I could figure out is the site you’re on, not what you’re doing there.
“Every website you care about has HTTPS,” said Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Frontier Foundation. “You should be able to get on any network and not worry about it.” I still recommend quickly glancing at the websites you visit to make sure they’re secure. Chrome, Safari and others denote this with a lock next to the URL in your browser. No lock? Sometimes you can switch to a secure connection by going up to the web address itself and adding an “s,” so that “http://” becomes “https://”.
Another technology helping to make Wi-Fi networks safer is known as Passpoint. The first time you connect to a Passpoint-enabled network, it prompts you to download a small piece of software called a “profile” that identifies your device going forward. If you’ve ever used a LinkNYC payphone-turned-hotspot, you’ve experienced this tech. It’s now coming to many airports and other public places. Once it is enabled, your device can hop among Wi-Fi networks the way it does cell towers—automatically and seamlessly, without asking for a password every time you switch networks.
In addition to saving you from entering Wi-Fi passwords, Passpoint offers one solution to an important security problem—connecting to the proper network.
Nearly everyone I spoke to agreed that the biggest current problem with public Wi-Fi is the “evil twin”: Someone sets up a legit-looking network designed to trick you into letting them access your device. If you’ve ever opened up your Wi-Fi settings only to find networks called “HotelWiFi,” “HotelWiFiFree” and “FreeHotelWiFi,” you are likely looking at one real network and two evil twins. Make sure you join the right network—for instance, by asking an employee for the correct name.
In some cases, public Wi-Fi networks themselves are helping to keep you safe. Many providers disable peer-to-peer access on their networks, meaning nobody else could access your computer over their network. (Upside: It keeps everybody out. Downside: You can’t wirelessly share PowerPoints at Taco Bell. I call that a good trade.)
Some networks will even attempt to protect devices from themselves. “If you go to a bad website and you have a virus, we’ll see that kind of activity coming through somebody’s laptop and we’ll stop those things,” said Derek Peterson, chief technology officer at Boingo .
All these protections rely on the providers having up-to-date wireless tech, which not all of them do. They might work better if you’re on Boingo-powered airport Wi-Fi than if you’re connected to the dusty router in Tommy’s Diner. Either way, though, it’s far harder to be compromised than even a few years ago.
Of course, this, too, is the case virtually anywhere you are. Internet providers are allowed to collect, sell and use information about you and your online activity—even when you’re at home.
At this point, whether you’re online at McDonald’s or in your living room, you are in roughly the same spot: You aren’t totally safe, but you’re still more likely to be the victim of a phishing scam, or tricked into clicking a malicious link or entering your credentials into a spoofed Google page, than you are to sit down next to a hungry hacker. If your banking info gets leaked, odds are it’s because the bank’s servers were breached.
That’s why most tips for staying safe on public Wi-Fi also apply to your private, at-home Wi-Fi. Here’s what you should do, basically every time you connect to the internet:
•Always check that lock to make sure the site you are on uses HTTPS, particularly when it’s a bank or involving sensitive information.
•If you aren’t confident in your current location, use your mobile data instead, or use a virtual private network, aka VPN.
•To avoid phishing attacks, type in your bank’s website or use its official app, rather than clicking on a link to the site from your email.
•Keep your devices and apps up to date.
SHARE YOUR THOUGHTS
Do you have to rely on public Wi-Fi for work at times? How do you secure your devices? Join the conversation below.
•One more, mostly for sanity’s sake: Create a throwaway email address when these networks ask for one. Even the ones that don’t store and sell your activity will definitely send you marketing emails.
There are plenty of reasons to worry about your security and privacy online. But you don’t need to worry about hopping on the network at your local coffee shop. Go ahead and surf away.