Public Wi-Fi is ubiquitous now. Nearly every coffee shop, fast food restaurant, and airport offers it. It’s even hard to find a public park without Wi-Fi. But with that convenience comes risk. There are several ways you could be the target of an attack via public Wi-Fi.
The first is called a Man-in-the-Middle attack. This is when someone collects login information or other personal data as it is passed between your computer and access points. A hacker can then go back later and log in as you or use your information, such as credit card numbers.
Similarly, someone might set up what’s known as an Evil Twin. This is an access point that provides free public Wi-Fi but is also collecting all your personal information while you use it. The network name might be very similar to the network the store offers and could even use the same password. The perpetrator might even position the Evil Twin access point closer to where people are using computers so that the signal is stronger than the legitimate network. Stronger networks will show up on your computer at the top of the list of available networks.
Less common now, but a growing threat, are Wi-Fi viruses. These are spread via the Wi-Fi network and, like a regular computer virus, can cause any manner of destruction.
Eight things you can do to avoid public Wi-Fi threats
- Know what network you’re connecting to: If there are a number of networks available, ask an employee which one the business operates. Do not connect to another network even if it offers a better connection or faster speed.
- Connect only to password-protected networks: Using a WPA or WPA2 connection (one that needs a password) may offer only a little bit of protection, but it’s better than nothing.
- Use HTTP Secure connections when available: HTTP Secure (characterized by the URL starting with https://) adds a layer of encryption between you and the website, making your actions unreadable by someone in between. Many popular sites such as Amazon and Gmail turn this on by default. Other services, including Facebook and Twitter, have https as an option under your settings. The Electronic Frontier Foundation in conjunction with The Tor Project have created a Firefox extension called HTTPS Everywhere. When active, the extension will check to see if the URL you are requesting is available via HTTP Secure first.
- Run an antivirus program: Not running an antivirus program is just asking for trouble. Don’t forget to keep your antivirus software updated, too.
- Use a firewall: Windows 7 has a good built-in firewall that prevents unauthorized programs from accessing your PC, and many antivirus suites also include a firewall program.
- Do not use public Wi-Fi for sensitive material: Wait until you are on a secure network to make online purchases, manage your finances, or any other activity that requires you to type in information you want to keep private.
- Vary your usernames and passwords: Do not use a single password for everything. If someone does get your information for one website, you don’t want them to have your information for every website.
- Be aware of your surroundings: Don’t forget that in a public place anyone who can see your keyboard can watch what you type. If you are using a public computer, always remember to log off of all services you were using before walking away. This includes Windows.
The key to safe computing on public Wi-Fi comes down to a mixture of common sense and vigilance. Always be aware of what you are connecting to and what you are doing over that connection. Don’t expose usernames, passwords or other personal information if it can wait until you are on a private network.