News  General
7 ways to stay safe with free WiFi

Digital hygiene

Free public WiFi can be a lifesaver. Your device can be out of the range of a mobile signal more often than you think, for example in underground stations or large buildings. Most tablet users don't even have a choice. Often you'll be alerted to a full-strength WiFi hotspot just itching for you to use it which claims to be "free".

Like anything in life, however, there is no such thing as a free lunch. "Free" anything usually wants something back in return and WiFi is no different. However, there is the risk of extra danger - not all hotspots are created equally.

Some of the dangers are not immediately obvious. Here we show 7 ways you can minimize the risks when using these free WiFi hotspots.

Identity, please

The experience of connecting to a free WiFi hotspot for the first time usually goes like this: you try to access the internet with a regular link, such as in your browser, or some other means which would normally require a connection, such as email. It fails, and you then get an alert about the new WiFi hotspot being available. You agree to connect to that, and then your browser shows a signup page. Typically, you can continue for free if you provide your name, email address and something other credentials too. The provider then stores your new account details and grants you access. They then have your information to do with in any way you agreed to when you checked the "I agree" sign up box.

7 ways to stay safe with free WiFi

The dangers

Even though the WiFi hotspot has a password, you are trusting the provider of that hotspot with your data. Usually, others will be connected. This means even if the provider is trustworthy and has taken every precaution they are aware of to protect you, that's not necessarily the case with the guy in the shades and hoodie sat in the far corner of the airport lounge. Remember the Smartphone Virus motto: forewarned is forearmed.


Verify the connection physically - use common sense  

If you go to the WhizzBang Hotel for the first time, and your smartphone alerts you to a new WiFi hotspot with a similar name, chances are it's legit. Even better, before connecting have a look around for signs promoting its availability - the name to use with usualy be right there on the sign. On the other hand, if you are on the street, a train, a bus etc and a new one appears, it's best to pause first and ask yourself if this sounds feasible. It's really easy for hackers to set up a fake mobile WiFi hotspot, and the tricky thing with this is they can call it anything they want. Even "Whizz Bang Hotel" (note the space). These imitation ones can't stay up for long, however. In general, if you're expecting a WiFi hotspot to have the name it has, in the location it has, you should be OK, and cautious otherwise.


Don't share passwords  

This advice is great for the web generally, but especially for public WiFi users. If your traffic does end up being captured, the data within it is now at the mercy of the hacker. If you visited a website which needed a login, those credentials could have been exposed. Clearly, using the same password on other sites could allow the hacker into those, too. So make sure different passwords are used for each site to minimize the damage if the worst coms to the worst.


Turn on mobile data for financial transactions  

Anything related to money in your data stream is of particular concern. Most devices have a quick way to temporarily disable any current WiFi connection. If you know you're going to be entering your credit card/PayPal/other financial details, you could use your mobile data connection just for this, as it will generally be much safer.


Turn off browser tracking 

For general surfing, it's not usually necessary to use your full account which could end up passing your details over the air to the sites you visit. Most browsers have an anonymous mode you can activate, or even better consider installing a second browser which you don't log into at all. This other could be from a different supplier entirely.


Log out  

This advice boils down to "keep your session to the absolute minimum". Say you have just surfed the web using a free WiFi access point. Don't just put your phone back in your pocket without logging out - the connection could still be live. Attackers logging your traffic want the maximum surface area possible to go for, so you don't want to help them by exposing the connection more than is absolutely necessary.


Use SSL  

The entire web is moving towards SSL for a good reason. We covered the latest move with this when Let's Encrypt started offering permanently free SSL certificates. If you have the choice, always use SSL connections so any data you send is scrambled from the point of view of any attackers, and you really are connecting to who you think you are.


Use a VPN  

A VPN is the way users requiring top end security, such as the military, governments and business users go. This is like a permanent SSL in that the connection is through a trusted third party server which performs the same role as an SSL cert. They are not usually free, but for the ultimate piece of mind they have no equal.


The general advice is to always stay alert and don't let your guard down for a second - that's all the hackers need. Kaspersky has this to say:

In a recent survey, 70% of tablet owners and 53% of smartphone / mobile phone owners stated that they use public Wi-Fi hotspots.

As with all security, a little inconvenience is necessary. Hopefully this won't interfere with the experience too much and we can all enjoy good digital hygiene from now on.