How do I use an open WiFi hotspot safely?

Helping people with computers... one answer at a time.

Ask Leo! » Networking » Wireless Networking

Open WiFi hotspots at coffee shops, airports and other public places are opportunities for hackers to steal information. I'll review how to stay safe.

I've returned to the same coffee shop where I was a few months ago when I noticed that my email had been hijacked/hacked. This time, I'm using my phone, but the last time when I noticed the hack, I was using my computer and doing email over an open-internet, free WiFi network.

Do you think that could be the source of the problem or just a coincidence? I'm still afraid to do email from here.

•

It definitely could have been. Unfortunately, it's hard to say for sure and it could have been something else unrelated.

As we can't really diagnose the past, let's look ahead instead.

It absolutely can be safe to do email from a coffee shop or any other location that provides unsecured or "open" WiFi. In fact, I do it all the time.

But you do have to make sure to follow some very important practices to ensure your safety.

•

Turn On The Firewall

This is easily and frequently overlooked.

When you're at home, you may use your router as your firewall and keep the Windows or other software firewall on your machine disabled as redundant. That works well, as the router stops network-based attacks before they ever reach your computer.

Locked Laptop

When you're on an open WiFi hotspot or connected directly to the internet via other means, that software firewall isn't redundant. In fact, it's required.

Make sure that the firewall is enabled before connecting to an open WiFi hotspot. Various network-based threats could be present on an untrusted connection, and it's the firewall's job to protect you from exactly that.

Consider Not Using Free WiFi

As I said, it can be safe to use open WiFi, but it's also very easy for it to be unsafe.

The solution that you used while you were at that same coffee shop (and asked me about in this question) is a very common and solid one: use your phone instead.

While it is technically possible, a mobile/cellular network connection is significantly less likely to be hacked. I use this solution when I travel.

Most mobile carriers offer one or more of the following options:

Use your phone. Many phones or other mobile devices, such as iPhones, iPads, Droids, Blackberrys and others, are quite capable email and web-surfing devices, and typically do so via the mobile network. (Some can also use WiFi, so be certain that you're using the mobile broadband connection for this option to avoid the security issues that we're discussing.)
Tether your phone. Tethering means you connect your phone to your computer - usually by a USB cable, but in some cases, via a Bluetooth connection - and the phone acts as a modem, providing a mobile broadband internet connection.
Use a dedicated mobile modem. Occasionally referred to as "air cards", these are USB devices or PCMCIA cards that attach to your computer and act as a modem, providing a mobile broadband internet connection, much like tethering your phone.
Use a mobile hotspot. In lieu of tethering, many phones now have the ability to act as a WiFi hotspot themselves. There are also dedicated devices, such as the MiFi, that when turned on, are simple dedicated hotspots. Either way, the device connects to the mobile broadband network and provides a WiFi hotspot accessible to one or more devices within range. When used in this manner, these devices are acting as routers and must be configured securely, including applying a WPA/WPA2 password so as not to be simply another open WiFi hotspot susceptible to hacking.

I travel with a MiFi, and also have a phone capable of acting as a hotspot as a backup. I find this to be the most flexible option for the way I travel and use my computer.

Secure Your Desktop Email Program

If you use a desktop email program such as Outlook, Outlook Express, Windows Mail, Windows Live Mail, Thunderbird or others, make certain that it's configured to use SSL/secure connections for sending and downloading email.

Typically, that means that when you configure the email account in your email program, you need to:

Configure your POP3 server for downloading your email selecting "SSL", "TLS", or "SSL/TLS" security option, and usually a different port number, such as 995 instead of the default 110.
Configure your SMTP server for sending email selecting "SSL", "TLS", or "SSL/TLS" security option, and usually a different port number such as 26, 465, or 587 instead of the default 25.

The exact settings and whether or not this is even possible depends entirely on your email service provider; you'll need to check with them to determine the correct settings to use. How you configure these settings, of course, depends on the email program that you use.

With these settings, you can feel secure downloading and sending mail using an open WiFi hotspot.

It's what I often do when I don't have my MiFi with me.

"I expect that people simply login to their web-based email service without thinking about security and as a result, the username and password are visible to any hackers in range who care to look."

Secure Your Web-based Email

If you use a web-based email service like Gmail, Hotmail, Yahoo or others via your browser, you must MUST MUST make sure that it uses an httpS connection and that it keeps on using that httpS connection throughout your email session.

I believe that this might well be the source of many open WiFi-related hacks. I expect that people simply login to their web-based email service without thinking about security and as a result, the username and password are visible to any hackers in range who care to look.

Some email services have "require https", which is an option you should definitely enable. The problem is that of the major services, I trust only Gmail to remain in https throughout the entire session (and even then, you need to take care if you then use other Google services using your Gmail account credentials). Some services will use https for only your login, which is insufficient as your email conversations thereafter could be viewed by others. Other services may "fall out" of https, reverting to unsecure http without warning.

Facebook also falls into this category. Facebook has a "require https" option, but apparently can fall out of https, particularly when various Facebook apps are used.

Any and all web-based services that require you to login with a username and password should either be used only with https from start to finish, or should be avoided completely while you're using an open WiFi hotspot.

Use a VPN

This one's for the road warriors. You know them - the folks who are always traveling and online the entire time they do so - often hopping from coffee shop to coffee shop in search of an internet connection as they go.

A VPN, or Virtual Private Network, is a service that sets up a securely encrypted 'tunnel' to the internet and routes all of your internet traffic through it. Regardless of https or not, SSL/secure email configuration or not, as all of your traffic is securely tunneled, no one sharing that open WiFi hotspot can see a thing.

This service typically involves a recurring fee. As I said, they're great for road-warriors but probably overkill for the rest of us as long as we abide by the other security steps described above.

Use Different Passwords

Finally, it's a good idea to keep the passwords of the accounts that you access different from each other and, of course, secure.

That way, should one account be compromised by some stroke of misfortune, the hackers won't automatically gain access to your other accounts that they may then learn of.

•

As you can see, it's unfortunately easy to get this stuff wrong. When that happens, that guy in the corner with his laptop open could be watching all your internet traffic on the WiFi connection, including your account credentials as they fly by.

And when that happens, you can get hacked.

Fortunately, with a little knowledge, forethought, and preparation, it's also relatively easy to be safe.

Article C4790 - April 10, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

You may also be interested in:

How do I stay safe in an internet cafe? When connecting to the internet in an internet cafe, hotspot or other public connection you could be opening yourself up to serious security issues.
Is cellular broadband more secure than WiFi? Cellular is a popular internet connection alternative. As with any connection it's important to understand the security ramifications and tradeoffs.
Is it OK to use this random wireless network that I just found? When scanning for wireless connections you may find several that are unknown yet and appear open and available. Using them is risky. Very risky.
Internet Safety: How do I keep my computer safe on the internet? Internet Safety is difficult and yet critical. Here are the seven key steps to internet safety - steps to keep your computer safe on the internet.

Recent Comments

13 Comments

I understand that this article is about OPEN WiFi spots. I do however have a question that is relevant.

If a business replaced the "open" as in unencrypted with "WPA/WPA2 encrypted with publicly known password", would we then be safer?

E.g. you have the router, with WPA encryption, and above it you have "the password for this is 123456789FREEWPA". Does that prevents others who know the password from seeing what I am surfing at the moment or is "known password" as good as "no password"? I'm quite sure there are at least two persons I can convince to switch to the second option if it will improve things.

Yes. WPA/WPA2 encrypts each connection separately so that even those connected to the same hotspot cannot sniff each others traffic. (Unlike WEP.)

19-Aug-2011

Posted by: Constantinos at August 16, 2011 8:29 AM

I'm surprised and maybe learning something. I thought that all data sent from an open wifi hotspot was viewable and vulnerable unless a vpn is used. Is it true that when banking (since they keep https enabled) at an open wifi hotspot I am safe? Can I really do this without a vpn? More technically asked; when using https in an open wifi hotspot, is the wireless leg of the communication really encrypted and safe and, therefore, no other safety component is needed?
I am really interested in understanding this and/or getting a vpn recommendation.

An https connection to your bank is not sniffable - wired, or wireless.

20-Aug-2011

Posted by: Bill L at August 16, 2011 2:40 PM

This was very informative. I just went into hotmail options, and under 'Use https:' I found this warning:
"Important note: Turning on HTTPS will work for Hotmail over the web, but it will cause errors if you try to access Hotmail through programs like:
•The Windows Live application for Windows Mobile and Nokia
•MSN Explorer"

Just a little heads-up!!

Posted by: Cristie at December 8, 2011 3:27 PM

Very informative. You mentioned using your phone as a hotspot by connecting to the mobile broadband signal. Can we connect our phone to the open wifi at the business, then have our phone create another wifi that we secure, and our laptop connects to the phone wifi? I'm doubting this is possible since everything I read is about using the mobile broadband, but it's worth asking:-)

Nope. The intent is to bridge between mobile internet and your WiFi connected computer. If there's another hotspot in range simply use that instead of your phone.

03-Feb-2012

Posted by: Daniel at February 3, 2012 8:59 AM

@Daniel
As far as I know, it's not possible to use your phone hotspot function when you are connected via Wi-Fi. But it really wouldn't serve much purpose doing that anyway, as you could simply use the Wi-Fi directly from your computer.

Posted by: Mark J at February 3, 2012 1:23 PM

See all 13 comments...

Post a comment on "How do I use an open WiFi hotspot safely?":

Name: (Required - will be included when your comment is published.)

Email Address: (Required - will not be published.)

Remember Me? YesNo

Comments: (You may use HTML tags for style)

Before commenting, please...

READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.
Comment only on the article. Use the search box at the top of the page if you have a question about something else.
NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.
Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!

Categories | Full Archive
By Date | Business Card | About

Advertisements do not imply my endorsement of any product or service.

Copyright © 2003-2012 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure

http://ask-leo.com/how_do_i_use_an_open_wifi_hotspot_safely.html