10 Tips to Stay Safe on Public Wi-Fi

Wi-Fi signal

En español | When you access the Internet at any of the world’s 6 million public Wi-Fi hot spots — at airports, parks, businesses, hotels, wherever — assume that anything you are sending or receiving is up for grabs: your emails, photos, files, passwords, credit card numbers.

According to some estimates, up to 95 percent of public hot spots are insecure because their wireless networks do not encrypt users’ Web traffic.

Without encryption, which scrambles data so it’s not accessible to others, eavesdroppers within 100 feet can get an eyeful of your online activity — whether you’re using a laptop, tablet or smartphone. All it takes is free Wi-Fi monitoring (aka “ sniffer”) or other software on their device. Hundreds of online tutorials and YouTube videos offer how-to instructions for budding hot-spot hackers.

At home, your online transmissions are encrypted between your device and your wireless router and are protected from view of prying neighbors within range of your home’s wireless network. But when using public Wi-Fi, follow these tips for safer surfing.

1. If the hot-spot network doesn’t require a WPA or WPA2 password (for Wi-Fi Protected Access), it’s likely unencrypted, insecure and not the place to do online banking or shopping, or to send sensitive emails or photos.

2. Ditto for websites that don’t have https (the “s” is for secure) at the start of the Web address on every page. “Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable,” the Federal Trade Commission warns. “Look for https on every page you visit, not just when you sign in.” If there's an “s” missing on any page, log out.

3. Set your laptop, tablet or smartphone so you have to manually select the Wi-Fi network. And turn off Sharing and Wi-Fi capabilities when you’re not using them.

4. Don’t trust mobile apps. Most don’t have a visible indicator such as https: or encrypt information properly. In public hot spots, it’s best to stick with your phone’s data network (often referred to as 3G or 4G) for sensitive transmissions.

5. Consider a VPN. If you must use hot spots for sensitive activity (take note, business travelers), a virtual private network (VPN) service provides encryption and security over public networks. You can find freebies; quality protection can be had for under $50 per year.

6. Free add-ons Force-TLS and HTTPS-Everywhere force encryption on popular websites that usually aren't encrypted. They don’t protect you on all websites but are still recommended.

7. Make sure you know, and carefully read, the exact name and URL address of the establishment’s network and connect only to it. Don’t be fooled by look-alikes or slightly tweaked URLs, which could be the work of nearby hackers who lead you to their rogue websites.

Get discounts on financial services from trusted companies — AARP Member Advantages »

8. Don’t stay permanently signed in to accounts at hot spots. Log out from each website and after each session.

9. Use Google Chrome’s “ incognito mode” (Ctrl +Shift + N) so your search history, passwords and cookies will not be saved automatically. Select “no” if asked if you want to save any passwords or information.

10. Enable two-factor authentication. Wise for everyone but even more important for the hot-spot enthusiast, this per-website step adds an extra layer of protection for public password-sniffing hackers.

For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up-to-date on the latest scams in your area.

Photo: D3Damon/iStock

Also of Interest

See the  AARP home page for deals, savings tips, trivia and more.

Search AARP Blogs