On The Road - Using Public WiFi

Hotel wifi hotspot

Wifi hotspots are everywhere these days, such as in cafes, hotels, & airports. They can be extremely convenient - but also very risky.

Without the right precautions you risk criminals being able to see everything you do, potentially stealing your credit card details, reading your emails, or hijacking your web accounts. On this page we discuss what you need to know & how you can stay safe.

Jump straight to topic:


What are the risks of public wifi?

Free wifi sign

When you connect to a public wifi hotspot you're not in control of it's security settings like you are at home, with many other people also sharing the same connection.

Whilst it's rare to be hacked through using public wifi, it does happen - and the more you use it, the higher the risk. All it takes is to be unlucky once & the consequences can be severe.

If you use a hotspot without the right precautions or protections you risk:

  • Eavesdropping - Others could listen to your internet session, potentially stealing your credit card details, emails, or account passwords;
  • Interception - Criminals can force your internet traffic to pass through their computer (called a "man in the middle" attack), allowing them to hijack your accounts, redirect you to websites of their choosing, or even modify what you see.
  • Malware - There's a range of methods by which hackers can slip viruses onto your computer if they're on the same wifi connection as you.
  • Fake hotspots - Just because a hotspot is called "Starbucks", how do you know it's run by them? Fake hotspots with realistic names are easy to create, fooling users into connecting and allowing hackers access to all their internet traffic.

Criminals don't even need to be physically present to hack your wifi connection; they could hide equipment to create a fake hotspot, or attack the network and leave a virus on the router to do all their work for them.

Sounds scary huh? It is, but remember that whilst hackers can do all the above very easily, it is still fairly rare. But as it's so easy to take sensible precautions then why wouldn't you? Keep reading!


Basic precautions

Protecting yourself on public wifi connections is fortunately easy - try to make these few tips a habit to help keep your data safe. You should as always also ensure your computer's software is up to date and have a good antivirus program installed.

Depending on the situation not all of the following recommendations are always possible, but it's worth remembering them all and following those that you can:

Use 3G/4G data if you can

You can remove all the risks of public wifi at a stroke by using your mobile phone data instead:

  • If you're using the internet on your phone, turn wifi off.
  • If you're using your computer, enable the "Personal Hotspot" feature on your phone and connect your computer to this wifi connection instead.

This obviously relies on you having a good signal & enough data, but it's always much safer than using a public wifi.

Think before you connect

Spotting fake hotspots can be difficult, but before connecting always take a moment to stop & think.

  • Be suspicious of any with intentionally appealing names (such as "Free WiFi") or where the name is slightly different to what you might expect.
  • If possible you can always ask nearby staff what the official wifi is called.

If the hotspot requires you to create an account then avoid re-using any existing passwords. And if a wifi login screen ever asks for too many personal details, such as a PIN, then be very suspicious - disconnect straight away & report it to the venue where you are.

Avoid websites with personal data

When connected to public wifi try to avoid any sites that ask for a login or which hold any personal data, such as email or social media.

This obviously isn't always an option, but if you can then wait until you're at home before using these sites.

Look for 'https'

If you do visit a website with a login, or if you're entering any financial details, then check that the address begins "https". Our page on Secure Online Shopping explains this further.

In advance of using public wifi (such as when you're at home), you could also download the "HTTPS Everywhere" browser extension. This will automatically force websites to encrypt their data where possible.

Log out of websites

On any website that required a log in then always log out when you're finished. Don't just close the browser but actually look for an option called "Logout" on the website. This actively tells the site that you've finished, and can help prevent anyone else from accessing it as you.

Turn off file sharing

The first time you connect to a new wifi hotspot select the "Public Network" option if your computer asks you, or look in your system preferences or control panel to turn "File Sharing" off. This tells your computer to block any other users of the wifi hotspot from accessing your computer.


Using a VPN

The best protection you can give yourself when using public wifi is a VPN (this stands for "Virtual Private Network"). This is a piece of software that helps to keep hackers firmly away from your internet browsing.

Connecting to a VPN

Connecting to a VPN

They work by creating a secure pipe between your computer (or phone) & another computer out on the internet. All your browsing is then sent down this protected pipe, keeping your data away from any prying eyes.

VPN software used to be tricky to set up & configure but with growing demand they're getting easier all the time. Some of the more popular ones are:

Be aware when choosing a VPN that it's absolutely crucial to only get one you trust. All your internet traffic will pass through a computer controlled by the VPN provider, theoretically giving them access to your information.

If you use a rogue VPN this is far worse than no VPN - you'd be actively giving criminals your internet traffic.

Do your research when choosing a VPN - never install one you don't trust


Using wifi on your phone

Mobile phone locating wifi hotspots

Connecting to public wifi with your phone gives you all the same risks as above but with an extra one to consider too - the "auto connect" feature.

Many phones are designed to remember all the wifi connections you use, automatically reconnecting again when they can.

Whilst this can be useful, if you don't know your phone is connected then you may not have taken any security precautions - your apps may send passwords or private messages over an insecure connection without you knowing.

Criminals can also exploit this easily by creating a hotspot in a busy venue and giving it a popular name. Any phones nearby that recognise the name may then try to connect, allowing the criminals to capture anything the phone sends to the internet. It's too easy for them!

So how can we keep our personal information data safe? Fortunately it's fairly easy to do - following these tips will go a long way to helping keep your data safe:

  • Disable wifi when not in use - Go into your phone settings and turn wifi off if you're not actively using it. And even though it's a different risk, it's worth checking that bluetooth is turned off as well.
  • Ensure that auto-connect is turned off -
    • iPhones: After you've finished using a hotspot go to Settings > Wi-Fi; click on the hotspot you just used & select "Forget this network". Disappointingly this needs doing straight away - Apple don't allow you to "forget" other known networks you've used until you're back within range of them. There is also a generic "Ask to Join Networks" option you can enable at any time, but this will constantly prompt you for every network, including your home wifi.
    • Android: Android phones can be a bit more complex as different carriers install different connection management apps. As well as looking for and checking these apps, try going to Settings > More > Mobile Networks and see if there's a "Connection Optimizer" option which you can disable.
  • Install a VPN - As with computers, VPN software is available for mobile phones. These are often really simple to use & will tunnel all your data through a secure pipe to reduce the risk of it being eavesdropped. All the VPN providers mentioned above have mobile phone-specific apps.

Have any feedback on this page? Let us know - [email protected]