(Credit: Zain bin Awais/PCMag Composite;Oscar Wong/via Getty Images)
Even with the advent of 5G, Wi-Fi remains an important factor for people in hotels, home rentals, restaurants, cafes, and airplanes. Two-thirds of Americans who travel say they absolutely must have "fast" Wi-Fi access (meaning it has a decent broadband connection backing it) and that access to it drives their travel plans.
Many folks are so addicted to high-speed wireless internet over Wi-Fi that they don't think twice about connecting to any network that can get them online (especially if they can't get a decent mobile signal). Yet many people can't tell an authentically secure Wi-Fi network from an obvious scam or attack waiting to happen. All About Cookies did research showing 25% of people using public Wi-Fi have experienced a security issue.
Public Wi-Fi hotspots you don't know can be risky. But it's not that hard to make sure you're secure. Some of the tips below involve common sense, while the rest are steps you can take before you even leave the house. Make sure the next hotspot you connect to—be it on the streets of Paris or 30,000 feet in the sky—isn't a security nightmare waiting to happen.
1. Pick the Correct Network
(Credit: PCMag/Apple)Have you ever tried to connect to public Wi-Fi and seen multiple network names that are similar but not the same? EricsCoffeeHaus versus EriksCoffeeHaus, or HiltonGuest versus HiltonGuests, for example. This is a tried-and-true "evil twin" that leads to a man-in-the-middle attack—aka Wi-Phishing. It attempts to trick you into logging into the wrong network to get at your info. Too many people don't take the time to check—they simply jump on the strongest open signal they see. Always confirm that you picked the legitimate option. Simply ask someone who works in that location for the proper network name if it's not posted.
2. Pick a Secure Network
When you want to pick a Wi-Fi hotspot to log into, find one that's got you locked out. You read that right. Usually, if you see the lock icon, it means you can't get access. Networks with zero security don't have a lock icon next to them. On an iPhone, if you click an unsecured network—even if it's your own at home—you'll get a warning that reads Security Recommendation.
Of course, this isn't a hard and fast rule. Some hotspots don't show the lock because they have what's called "walled garden" security: You have to log in via a browser to get access to the internet. The login is usually provided by the hotspot—you may, for example, get it from the front desk at a hotel while checking in.
It's best to stick to hotspots where the proprietor or event organizer provides you with a clear network to choose from and a password to grant access. Then, you know you're on the network you're meant to be using.
3. Ask to Connect
(Credit: PCMag/Apple)You can set most devices to ask for permission before they connect to a network, rather than just automatically latching onto the strongest open network signal or a network they've connected to before. It's a good idea. Never assume the network you used in one place is as safe as one with the same name in another place. Anyone with the right tools could spoof a Wi-Fi network's broadcast name (called the SSID).
If the device asks first, you can decide whether it's safe to connect. On iOS, for example, go to Settings > Wi-Fi > Ask to Join Networks and select Ask. On Android, the exact path will vary, but look for Network & Internet > Wi-Fi > Network Preferences in Settings. Turn on Notify for Public Networks.
4. Be Your Own Hotspot
(Credit: PCMag/Apple)Rather than risk everyone in a group using iffy Wi-Fi, one person could designate their own device as the hotspot. Almost all laptops and phones make it easy to become your own hotspot for others. It won't be fast, but it will be more secure.
For Windows: Turn it on at Settings > Network & Internet > Mobile Hotspot. Pick the kind of internet connection used (if there is more than one option; this is best if you've got an Ethernet connection) and copy the name of the network to hand out to people (change it to something easy), as well as the network password they need for access (again, something simple, but with eight characters at least).
For macOS: Go to Apple Menu > System Preferences > Sharing and click the Internet Sharing box. Pick a connection type to share, how you plan to share it (namely Wi-Fi), then click Wi-Fi options to name the hotspot and give it a password.
For iOS: Go to Settings > Personal Hotspot to toggle on Allow Others to Join. You can also reset the password here to one that's a minimum of eight characters.
For Android: Look under Settings > Network & Internet > Hotspot & Tethering.
5. Take a Hotspot With You
Public access Wi-Fi is great, but you could just carry your hotspot. Cellular modem hotspots have their own battery, use cellular backhaul for an internet connection, and provide multiple people with Wi-Fi access. Sure, it costs more, but it might be worth it if you've got a lot of traveling ahead. Our top pick depends on your carrier (see our roundup of the best mobile hotspots). Overall, this is much more secure than using publicly provided Wi-Fi. But it will cost you more, either in money or data (or both).
6. Subscribe to Hotspots
Services like Boingo—which partners with others to provide access to over one million hotspots around the globe—or Gogo, which provides hotspots specifically for planes in flight, are two of the big names in subscription Wi-Fi services. Pay them a monthly fee—which can get pricey—and you know that when you find their certified hotspots, they're a lot less likely to be run by the bad guys. The services don't have blanket safety guarantees, but their authentication and encryption options make them a lot safer than picking random hotspots.
7. Avoid Personal Data in Hotspots
(Credit: JJ Gouin/Shutterstock.com)This is less a technical tip than a behavioral one. If at all possible, avoid doing serious tasks like paying bills, accessing your bank account, or even using your credit card when connected to public Wi-Fi. And filing your taxes at a hotspot? No way.
Save those transactions for when you're connected safely to your home network. Since you already keep that one secure (right?!), you're a lot less likely to get targeted by snoops. If you absolutely must do the above, read on.
8. Avoid Using Your Passwords
(Credit: ronstik/Getty Images)There are a lot of passwords to remember, and you probably have to enter a few even while you're on public Wi-Fi. But if you've been compromised—say some hacker is sniffing the airwaves and pulling down data—anything you type and send to the internet could be equally compromised. That's one of the many reasons you should use a password manager. They store passwords for you and keep them encrypted, even on mobile apps.
If you do use passwords, try to make sure they're on sites where you have multi-factor authentication set up. Better yet, start using passkeys.
9. Check for a Secure Connection
Most websites use the HTTPS protocol to support SSL (Secure Sockets Layer) to make your connection to them more secure. Browsers like Chrome warn you if you visit a site without it. You can tell if the site you're on uses HTTPS even if you can't see it listed in the URL (in the first part, as seen in "https://www.pcmag.com"). For example, a lock icon and the word "Secure" appear at the start of the address bar in the Chrome browser on the desktop (the lock also appears on most smartphone browsers).
Almost all the major desktop browsers have a setting to warn you if you encounter an unsecured site, and will force the site to try and load with HTTPS. Quick instructions:
- For Microsoft Edge: Go to edge://flags and find Automatic HTTPS and set it to Enabled.
- For Mozilla Firefox: In Settings, type HTTPS in the search box, click the button next to Enable HTTPS-Only Mode.
- For Google Chrome: Go to Settings > Privacy & Security > Security > Always Use Secure Connections and toggle it on.
10. Use a VPN
This should go without saying by now: You need a virtual private network (VPN) when you're on a public network. While this was moderately good advice the first time we wrote this story over a decade ago, we now live in a digital surveillance/hacker state that rivals Orwell's 1984.
A VPN creates a private tunnel between your laptop or smartphone and the VPN server on the other end, encrypting your traffic from snoops—even your ISP or the operator of the hotspot itself. To find the one that's right for you, read our roundup of the best VPN services. Put it on all your devices that use public Wi-Fi of any sort. Even on your home Wi-Fi. You'll be glad you did. (For complete anonymity, use the Tor network.)
11. Turn Off Sharing
(Credit: Microsoft/PCMag)When you connect to a network with a PC, be it a Windows or Mac, the goal is typically to share some services—at the very least files and printing ability. If you leave that sharing option open when connected to a hotspot and connect to the wrong thing, you're giving bad guys easy access. Disable it before you go out.
In Windows, go to Settings > Network & Internet > Advanced Network Settings > Advanced Sharing Settings. Under Public Networks, turn off network discovery so your PC isn't seen, and turn off file and printer sharing to avoid sharing.
12. Keep Your OS and Apps Updated
Operating system (OS) updates are an annoying yet necessary evil. OS updates are serious business as they often fix security holes—yes, even on macOS and iOS devices. Once an update is available, everyone in the world knows about the holes in the previous iteration—if you haven't patched that flaw, your device becomes low-hanging fruit ready to be plucked by an opportunistic hacker.
Don't forget mobile apps either. App updates also fix serious security holes. Especially the browser apps, but anything that goes online could be vulnerable. On iOS, go to Settings > App Store > App Updates and toggle it on so apps update themselves regularly. On Android devices, you can do the same in the Play Store: Click your avatar and go to Settings > Network Preferences > Auto-Update Apps, then choose whether you want auto-updates to happen over any network (such as your mobile connection) or just when you're on Wi-Fi.