The Big Problem With Free Wifi Hotspots

Category: Security , Wireless

Coffee shops, restaurants, bookstores, airports, hotels, and other public places often provide free access to wireless Internet hotspots. But along with the freedom to move around while computing comes the danger of being digitally mugged. Here are some some simple tips you can use to make sure you're not broadcasting your business to snoops and hackers while using wifi hotspots...

Understanding Wifi Security Risks

While you're sipping that latte and working on a business plan, someone at the next table, or in a car outside, may be stealing sensitive data from your laptop through the same wireless hotspot you are using. As you browse your email or Facebook on your iPad, someone nearby may be reading along with you. As you walk down the street, your smartphone may automatically connect to a rogue hotspot run by identity thieves, allowing them an opportunity to steal passwords and other data. You may never know your pocket has been picked. This is why it's important to understand wireless hotspot security and use it wisely.

Unsecured wireless networks are convenient - you don't have to enter a password, just fire up your laptop, tablet, or smartphone and let it connect to the wide-open wireless network. But anyone within range of that network can do the same, and without an encrypted connection you may be vulnerable to data theft. Whenever possible, use wireless hotspots that at least require a password.


It's also a good idea to enable the firewall built into your laptop, even when using secured hotspots. A personal firewall can protect your data against other hotspot users. If you are connecting via wifi on a Windows computer, choose the "Public" option when asked what type of network you're on.

Disable file and printer sharing on your laptop before going out in public with it. Whatever data you allow to be shared on a network is available to other users of a wireless hotspot.

Extra Layers of Wifi Security

A few years ago, I met with a group of Internet professionals, all of us sporting laptops with wireless connections to the hotel's access point. On the second day of the conference, one of the attendees put up a slide showing logins and passwords from a dozen of the attendees. Needless to say, many jaws dropped open! He was running a "wifi sniffer" to spy on the internet traffic floating around in the air. Fortunately, he was a trusted colleague, and was nice enough to tell us that we were caught with our virtual pants down.

If you use webmail, or any other website that requires a login password, look for the "https" in the website address. As long as you're on a page with an address that begins with https, the data you send and receive is protected from sniffers and snoopers. That little "s" is your assurance that your connection is encrypted. If you use Outlook or another email client, adjust your account settings to require a secure connection when sending or receiving mail (if your email server supports secure connections, as it should).

Your connection is almost always encrypted when using online banking, or making a purchase on the web. But other venues, such as Facebook and your web-based email may NOT use an encrypted connection. Gmail is fully encrypted, so you're safe there. Yahoo Mail, Hotmail and Facebook all offer a secure login page, but after you're logged in, they revert to non-encrypted mode!

What does this mean? Anything you read or post on Facebook, as well as any email you send or receive while using a public wifi connection may be exposed. If you enter a username and password on a website that doesn't offer encryption, that account can be compromised. That may sound alarming, but it gets worse. Wifi sidejacking is a technique whereby someone can literally take over a web session from another user. You could be logged into Facebook and suddenly someone else is posting on your wall and impersonating you. Read more about Wifi Sidejacking.

If you dig through the settings in Yahoo, Hotmail and Facebook, they do offer a way to turn on secure browsing. I highly recommend that you do this.

Remote Access and Other Wifi Security Tips

Even better, if your company has a Virtual Private Network (VPN), use it for all business communications. A VPN encrypts all data passing through it so that even if data is intercepted it cannot be read. If you're not on company business, use one of the free remote access services to protect your data against thieves. You can use these tools to connect to your home computer, and do your surfing through your own secure internet connection. Learn about the options in my related article Free Alternatives to GotoMyPC.

Consider disabling your device's WiFi adapter when it's not in use. This prevents your device from automatically connecting to any wireless hotspot you may pass. On smartphones, this will be found in the Settings dialog. Most laptops have a button or switch that makes enabling and disabling a WiFi adapter quick and easy.

Oh, and there are the "shoulder surfers" to watch out for. Just like when you're entering your PIN code at an ATM, you need to keep an eye open for anyone who might be glancing over your shoulder while you hunt and peck. I always use two fingers when entering my pin or password... one presses the correct key and other is a decoy. So even if someone was watching from across the street with binoculars, it's almost impossible to steal a password.

Wireless hotspots are essential these days. But just as you wouldn't sit in a cafe with your wallet open on the table, you shouldn't leave your laptop or other mobile device wide open to thieves. If you must use public wifi in an airport, coffee shop, or hotel room, awareness and encryption are paramount. If the web address displayed by your browser starts with HTTPS, you're safe. If not, everything is potentially exposed to hackers or snoops in the vicinity.

Do you have something to say about wifi hotspot security? Post your comment or question below...

How Else Can I Help You?   (Enter your question in the box above.)

Sign up now for AskBob Updates!

Boost your Internet IQ, keep up with the latest online trends... get your FREE subscription now!


Posted by on 5 Feb 2013

For Fun: Buy Bob a Snickers.
Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!

Prev Article:
Free Online Job Search Tools

The Top Twenty
Next Article:
Geekly Update - 06 February 2013

Link to this article from your site or blog. Just copy and paste from this box:

Most recent comments on "The Big Problem With Free Wifi Hotspots"

Posted by:

05 Feb 2013

Great tips. I'll keep them handy for when I eventually do use a public network.

Posted by:

05 Feb 2013

Interesting and useful article, which begs a question. Do key scramblers and encoders like KeyScrambler Personal protect the user on free hot spots?

EDITOR'S NOTE: No. Key scramblers will only work against keyloggers, which operating within the scope of your computer. The keys have to be unscrambled before they hit the network, which is where the "bad guys" are.

Posted by:

05 Feb 2013 is also secure.

Posted by:

David Bohlke
05 Feb 2013

Bob, Another great article.

Question: If the https websites are safe, why don't all websites do this as a matter of course? Does it cost more or require a significant amount of effort to set up a website to be https?


Posted by:

05 Feb 2013

Do you have any advice on using an unsecured wireless network with either an Android or an Apple device? You can tell whether a website is secure, but not the mail, or any other apps that you run which access the internet.

EDITOR'S NOTE: The Gmail app on Android is secure, as is the Mail app on Apple iOS devices. Other apps, you'd have to look at them individually.

Posted by:

05 Feb 2013

Thank you for another interesting and more than informative article. I am always hesitant to use a public network but will be more educated now that I've read this. Keep up the good work....many of us benefit greatly from these.

Posted by:

06 Feb 2013

Are portable personal wifi hotspots (like the ad for one by Netzero) encryptable, and thus more secure than unencrypted coffee shop wifi?

EDITOR'S NOTE: Yes, mobile hotspot devices (sometimes called MiFi) are secure. But since they're acting like network routers, you must connect to them with a password. Otherwise, they're open for anyone to connect.

Posted by:

06 Feb 2013

For a quick and easy VPN, you can use the portable VPN client, UltraVPN, provided by Ultrareach Internet Corp. ( The UltraVPN DL link is the last line on this page:

Everything goes through their servers, and is encrypted both ways, so no one can even tell whom or where you are.

Posted by:

09 Feb 2013


The site you posted is a Malicious website according to Malwarebytes Anti-Malware.


Posted by:

18 Feb 2013

I switched to the new Outlook email yesterday and today I notice it has the extra "s" plus the secure padlock. Best regards to all.

Posted by:

05 Jun 2013

Again a great article. Suggestion, if I may : I would assume that some readers are not very computer literate and can be confused by some of the information. For instance you referred to wi-fi ''adapters'' with a suggestion to turn it off. What is an ''adapter'', how do I find it, and how do I shut it off?

I realize that more often than not, there is more than one way to do certain things given the various types of machines and applications involved. Simply avoiding the use of technical terms such as ''adapter'' instead of ''connection'' may help.

I don't mean to be critical. Your article are well written and easy to understand really...

Posted by:

05 Jun 2013

There is not an "s" in your( http://) website. Does that mean it's not secure?

EDITOR'S NOTE: Good question, but you're mixing up two different things. The "S" in the HTTPS indicates a secure (encrypted) CONNECTION to a website. It doesn't give any indication as to whether a site itself is "secure".

Generally, you only need/want an HTTPS connection when you're sending information TO a website, such as your login, password, credit card number, etc. If (as in the case of you're merely viewing the web pages on a site, there's nothing to be gained from an encrypted connection. It will actually slow you down unnecessarily.

Posted by:

10 Apr 2014

Instead of turning off the wi-fi adapter, can't you just enable airplane mode, and/or setup your laptop not to connect automatically to a wi-fi connection?

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.

Article information: AskBobRankin -- The Big Problem With Free Wifi Hotspots (Posted: 5 Feb 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved