Free WiFi hotspots are public places where anyone can access the internet, but they can be unsafe as they are often unencrypted and can be intercepted by malicious people. Users should avoid visiting websites that send usernames, passwords, or plain text emails and use reputable anti-virus and anti-spyware software. It is safe to use hotspots to access sites that provide end-to-end encryption, such as online banking and shopping carts. Highly sensitive tasks should only be performed from a person’s home computer.
Free WiFi® or hotspots are public places where Internet connectivity is available to anyone within transmission range. Cafes, libraries, school campuses, and civic centers are just a few places people might find access. In general, it’s safe to use hotspots with a few common sense rules.
Hotspot networks are often unencrypted, as encryption would require login credentials for every person joining the network, hindering accessibility. Networks that don’t require credentials are easy for anyone to get into with little or no user direction.
A wireless router broadcasts all dialogue between itself and connected computers. If ten patrons of a café use their computers to access the Internet, check e-mail or download music, ten conversations are broadcast throughout the café and its immediate surroundings. Others within range can use widely available tools to intercept that dialogue, intercept and analyze data packets. This is a good way for malicious people in the vicinity to get usernames, passwords, e-mail messages, and other personal information traveling unencrypted over the wireless network.
As a precaution, users may avoid visiting websites that send usernames, passwords, or plain text emails when using free WiFi®. That said, when you access such websites from home, your data still travels across the internet in plain text, subject to online snoopers. By not visiting sites in public, users are only eliminating the added risk of local users eavesdropping on wireless traffic.
Even though a free WiFi® network is encrypted, there are different types of encryption. An old protocol known as Wired Equivalent Privacy (WEP) can easily be cracked with readily available software. Only the strongest WiFi® Protected Access (WPA) will prevent curious locals from deciphering the dialogue between your computer and the wireless router. In all cases, the router will decrypt the traffic before sending it out to the internet, so online snoopers will still be able to read the unencrypted data exchanged between you and the internet. WPA will only block local curious people from reading your wireless traffic.
It is safe, however, to use hotspots to access sites that provide end-to-end (also called point-to-point) encryption. End-to-end encryption is applied automatically when you visit a site with an address starting with https. In this case, your browser will encrypt all communications before they leave your computer and will only be decrypted at the destination site. Similarly, the website encrypts everything from its end, which is decrypted by the browser. An intruder, local or online, can still intercept data packets in transit, but the contents of those packets will be unreadable.
Online banking uses point-to-point encryption, as do shopping carts and all legitimate websites that ask for personal information to provide a service or product. Ideally, any website that requires a username and password should provide a secure connection to exchange those credentials, but many sites that require registration allow the username and password to travel in the clear. Unfortunately, this also applies to some web-based email services. In this case, the email also travels in the clear text for curious people to intercept and read.
While free WiFi® is safe for secure websites, highly sensitive tasks should only be performed from a person’s home computer. A public computer should not be trusted except for casual browsing. Computers store passwords, usernames, and other revealing data in a type of memory called a cache, making it possible for others to later retrieve them. A public computer could also be infected with keylogger software that logs keystrokes, defeating the purpose of point-to-point encryption by trapping account numbers, usernames and passwords as they are typed on the keyboard.
To keep a computer safe, users should use reputable anti-virus and anti-spyware software that is updated frequently. Also, people should regularly look for rootkits, which are scripts that can be used remotely to control a computer online without the owner’s knowledge. Rootkits use resources that can slow down performance, interfere with the proper functioning of your computer, and can also be used to install keyloggers and other malicious software.
Protect your devices with Threat Protection by NordVPN
