Tech Ramblings
Published in

Tech Ramblings

How To Use Open Wi-Fi Safely

Open Wi-Fi hotspots at coffee shops, airports, and other public places are opportunities for hackers to steal information and more. I’ll review how to stay safe.

It can be absolutely safe to send and receive email from a coffee shop, or any other location that provides unsecured or “open” Wi-Fi. In fact, I do it all the time.

But you do have to follow some very important practices to ensure your safety.

The open Wi-Fi problem

The problem with open Wi-Fi hotspots is that the wireless radio connection between your computer and the access point nearby is not encrypted. That means any data you don’t encrypt some other way is transmitted in the clear, and anyone within range can eavesdrop and see it. Encryption, using WPA2, prevents that.

An interstitial page is not encryption. If you connect to a hotspot and the operating system on your machine requires a password for that to work, that’s not an open Wi-Fi hotspot, and you may be OK. On the other hand, if you can connect, and when you fire up your browser it first takes you to a web page that says “enter a password” (as in a hotel) or “check to accept our terms” (as in most other open hotspots) that is not encrypted, and it is not secure. It is an open Wi-Fi hotspot.

Turn on the firewall

Fortunately, firewalls are “on” by default in most operating systems.

However, when you’re at home, you may use your router as your firewall, and keep any software firewall on your machine disabled. That works well, as the router stops network-based attacks before they ever reach your computer… while you’re at home.

When you’re on an open Wi-Fi hotspot, or connected directly to the internet via other means, that software firewall isn’t redundant. In fact, it’s critical.

Make sure that the firewall is enabled before connecting to an open Wi-Fi hotspot. Various network-based threats could be present on an untrusted connection, and it’s the firewall’s job to protect you from exactly that.

Secure your desktop email program

If you use a desktop email program, such as Outlook, Windows Live Mail, Thunderbird, or others, you must make certain it is configured to use SSL/secure connections for sending and downloading email.

Typically, that means that when you configure each email account in your email program, you need to:

  • Configure your POP3 or IMAP server for accessing your email using the SSL, TLS, or SSL/TLS security options, and usually a different port number.
  • Configure your SMTP server for sending email using SSL, TLS, or SSL/TLS security options, and usually a different port number, such as 26, 465, or 587, instead of the default 25.

The exact settings, and whether or not this is even possible, depends entirely on your email service provider; you’ll need to check with them to determine the correct settings. How you configure these settings, of course, depends on the email program you use.

With these settings, you can feel secure downloading and sending mail using an open Wi-Fi hotspot.

Secure your web-based email

If you use a web-based email service like Gmail,, Yahoo, or others via your browser, you must make sure that it uses an httpS connection and that it keeps on using that httpS connection throughout your email session.

Fortunately, most of the major email services have moved to making https the standard, (and often the only) connection method.

Accessing email using a plain http connection might well be the source of many open Wi-Fi-related hacks. I expect that people simply log in to their web-based email service without thinking about security; as a result, their username and password are visible to any hackers in range who care to look.

Be careful. Some services will use https only for your login, which is insufficient, as your email conversations thereafter could be viewed by others. Other services may “fall out” of https, reverting to unsecure http without warning.

Secure all your other online accounts

Any and all web-based (aka “cloud”) services that require you to log in with a username and password should either be used only with https from start to finish, or should be avoided completely while you’re using an open Wi-Fi hotspot.

With more and more services being provided online, this is getting to be a larger problem.

Using “the cloud” is a great way to manage your digital life from wherever you may be, but one of the key problems remains security. Using https is critical to that security when you’re out and about.

Use a VPN

This one’s for the road warriors. You know them: the folks who are always traveling and online the entire time, often hopping from coffee shop to coffee shop in search of an internet connection as they go.

A VPN, or Virtual Private Network, is a service that sets up a securely encrypted ‘tunnel’ to the internet and routes all of your internet traffic through it. Https or not, SSL/secure email configuration or not, all of your traffic is securely tunneled, and no one sharing that open Wi-Fi hotspot can see a thing.

This service typically involves a recurring fee. As I said, they’re great for road warriors, but probably overkill for the rest of us, as long as we follow the other security steps described above.

Use different passwords

Finally, it’s important to keep your account passwords different from each other and, of course, secure.

That way, should one account be compromised by some stroke of misfortune, the hackers won’t automatically gain access to your other accounts. Remember, even when you use an open Wi-Fi hotspot properly, a hacker can still see the sites you’re visiting, even though they cannot see what you are sending to and from that site. That means they’ll know exactly what sites to target.

Consider not using free Wi-Fi at all

As I said, it can be safe to use open Wi-Fi, but it’s also very easy for it to be unsafe.

One common alternative is to use your phone instead.

While it is technically possible, a mobile/cellular network connection is significantly less likely to be hacked. In fact, I use this solution heavily when I travel.

Most mobile carriers offer one or more of the following options:

  • Use your mobile device. Many phones or other mobile devices, such as iPhones, iPads, Android-based phones, and others are quite capable email and web-surfing devices, and typically do so via the mobile network. (Some can also use Wi-Fi, so be certain you’re using the mobile broadband connection for this option to avoid the very security issues we’re discussing.)
  • Tether your phone. Tethering means you connect your phone to your computer — usually by a USB cable, but in some cases, via a Bluetooth connection — and the phone acts as a modem, providing a mobile broadband internet connection.
  • Use a dedicated mobile modem. Occasionally referred to as “air cards”, these are USB devices that attach to your computer and act as a modem, providing a mobile broadband internet connection, much like tethering your phone.
  • Use a mobile hotspot. In lieu of tethering, many phones now have the ability to act as a Wi-Fi hotspot themselves. There are also dedicated devices, such as the MiFi, that are simple dedicated hotspots. Either way, the device connects to the mobile broadband network and provides a Wi-Fi hotspot accessible to one or more devices within range. When used in this manner, these devices are acting as routers and must be configured securely, including a WPA2 password, so as not to be simply another open Wi-Fi hotspot susceptible to hacking.

I travel with a MiFi, and also have a phone capable of acting as a hotspot as a backup. I find this to be the most flexible option for the way I travel and use my computer.

Don’t forget physical security

Laptops are convenient because they’re portable. And because they’re portable, laptops are also easily stolen.

Unfortunately, it only takes a few seconds for an unattended laptop to disappear. That’s one reason I never leave mine alone: even if I need to make a quick trip to the restroom, the laptop comes with me. There’s just no way of knowing that absolutely everyone around is completely trustworthy.

In that same vein, I also prepare somewhat in case my laptop does get swiped. Specifically, that means:

  • My hard drive is encrypted.
  • My sensitive data is stored in folders that are encrypted using BoxCryptor, which is not mounted unless I need something.
  • Lastpass is set to require a password re-prompt after a certain amount of inactivity.
  • I have two-factor authentication enabled on as many accounts as support it, including Lastpass.
  • I have tracking/remote wiping software installed.

Computer theft and recovery is a larger topic that’s only tangential to using open Wi-Fi hotspots. Clearly, though, if you are a frequent user of assorted open hotspots in your community or when you travel, a little attention to theft prevention and recovery is worth it as well.

Security and convenience are always at odds

As you can see, it’s easy to get this stuff wrong, since doing it securely takes a little planning and forethought.

But it’s important. If you’re not doing things securely, that guy in the corner with his laptop open could be watching all your internet traffic on the Wi-Fi connection, including your account username and password as they fly by.

And when that happens, you can get hacked.

Fortunately, with a little knowledge and preparation, it’s also relatively easy to be safe.

This article originally appeared on Ask Leo! where you’ll always find updates as well as the most vibrant discussion. For the latest, subscribe now to The Ask Leo! Newsletter and get a copy of The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition. This ebook will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Leo Notenboom

Former software engineer at Microsoft for 18 years, now sharing my passions, answering questions & helping folks with technology. (since 2003)