How to safely use free public Wi-Fi hotspot networks

In this guide

Public Wi-Fi hotspots can be found all over the country in pubs, cafes, restaurants, shops, airports and many other locations. Often they're free, and some UK broadband providers such as Sky and BT give their customers free Wi-Fi access to use away from home.

Wi-Fi hotspots are handy if you need fast internet access when there’s no mobile signal, or when you’re trying to conserve mobile broadband data. But before you take advantage of public Wi-Fi broadband you need to be aware of the security risks, and how to reduce the danger to safely browse on public wireless connections.

The problem with public Wi-Fi hotspots

Whenever you use public Wi-Fi there is a risk that your activity is being monitored.

Eavesdropping is a concern on most Wi-Fi networks because it’s relatively easy to use freely available tools to sniff network traffic. In the worst case scenario where a connection is not encrypted then someone monitoring the Wi-Fi could see everything in plain text, which could include the contents of messages, financial details and passwords.

There is also the danger of fake Wi-Fi networks being deployed for the express purpose of capturing data.

Open Wi-Fi networks without a password are most risky, but it is also a problem for networks protected by a password. The WPA2 standard which protects many Wi-Fi networks (including home Wi-Fi) is meant to encrypt network traffic as well as securing the connection with a password, but it is vulnerable to a simple exploit. Networks using WPA-Enterprise are safer but this is much more complicated to setup and typically it is only used by large organisations.

That doesn’t mean it’s necessary to avoid public Wi-Fi hotspots altogether, but you should take precautions when connecting to a network where you do not trust every single device or user (which for most us will mean any Wi-Fi network except our home broadband).

Keep in mind that whenever you connect to public Wi-Fi your activity may be monitored and logged, and behave accordingly.

Staying safe on public Wi-Fi

Wi-Fi network names

Always check that the Wi-Fi network name (or SSID - Service Set Identifier) and password matches the details given by the network operator. If not it may be a fake Wi-Fi point trying to fool unsuspecting users.

Disable Wi-Fi when it’s not needed

By default computers and mobiles will automatically reconnect to a known network. So by operating a clone of a common network a hacker could catch out people who don’t realise their device has connected to a Wi-Fi point and is sending data over a compromised connection.

Watch out for networks which have a common name (perhaps replicating a popular brand of router or a well known public Wi-Fi provider) but lack a password. You may also wish to either disable Wi-Fi when it’s not required, or configure your devices to prevent them automatically latching on to Wi-Fi whenever it’s available.

Web site and app encryption

You should always be cautious when accessing web sites or using apps on public Wi-Fi. If there is no password on the network then traffic is not encrypted and will be potentially visible to everyone, but even when you’re connected to a password protected network there is a risk due to weaknesses in Wi-Fi security.

To protect yourself ensure that the web sites and online services you're using are encrypted. Then even if traffic is monitored they will be much less likely to gather any useful data (sniffing encrypted traffic is possible but far more difficult). Just bear in mind that anyone monitoring the Wi-Fi could still tell what app or web site you’re using even if they cannot see the content of your communications.

Never enter any data (including logging in to an account) on a site which is not protected by HTTPS - check your web browser’s URL bar to confirm. Most browsers will indicate a secure site with a green padlock symbol. Pay attention to warnings which may indicate an incorrectly secured or fake site which could leak data.

The web browser extension HTTPS Everywhere can help you stay safe online by forcing a HTTPS connection whenever it is available.

The same goes for mobile and desktop applications. Unless you’re sure that the software has an encrypted connection you should not use it to transmit information on an untrusted network.

Using a VPN on public Wi-Fi

For additional security you may wish to use a Virtual Private Network (VPN). A VPN provides an encrypted link over which all your internet traffic can be sent. Your device securely connects to the VPN, then the VPN server acts as a proxy between you and the rest of the internet. Any sneaky hackers trying to monitor the Wi-Fi will see nothing but encrypted traffic going to the VPN server (and to the rest of the world you will appear to be connecting from wherever the VPN server is located).

This can be an extremely safe and secure way to use public Wi-Fi, but you must be able to trust the VPN provider with your internet traffic. Before signing up to any VPN you should read reviews and research the company.

Although VPNs sound technical they are relatively straightforward to set up and use. Our guide to using a VPN can provide further guidance if you’d like to know more.