Planning to travel this spring? Taking along your laptop or other handy little device? Of course you are. Here, then, are some guidelines for using public Wi-Fi. You may know all of this stuff already, but lots of us don’t and we’re too embarrassed to ask our kids for help – again.
You will find Wi-Fi hotspots and networks everywhere you go: airports, libraries, coffee shops, hotels, university campuses and so on. They’re really handy, but do be careful. These hotspots are usually not secure. In fact, you can be comfortable that a location is secure only if it asks you to provide a WPA password. Otherwise, if you are not 100% certain, proceed as if the network you are using is unsecured.
Experts recommend that when you use a hotspot, the best practice is to send information only to a website that is fully encrypted. How can you tell? Look for https at the beginning of the web address – the ‘s’ is for ‘secure’. Now be warned that some websites use encryption only on the sign-in page and that if any part of your session is not encrypted, the entire account could be vulnerable. So look for that https on each and every page you land on, not just sign-in page.
Encryption is not just geek-speak. It’s the key to ensuring the security of your personal information online. It works by scrambling the information you send on the internet into a code, thus making that information inaccessible to others. An encrypted website protects only the information you send to and from that particular site. When using wireless networks, only send personal information that is encrypted, either by that encrypted site (as above) or from a secure Wi-Fi network. A secure wireless network encrypts all the information you send when using that network.
When you send your photos and videos and emails, or when you use Facebook or other social media, or do your banking and bill paying online, you are sending out masses of valuable personal information. This shared information is stored on a server (a powerful computer that collects and delivers content). Many (though not all) websites, such as banking and credit union sites, use encryption to protect that information as it goes from your computer to their servers. Once again, check for https.
Remember, though, that most Wi-Fi hotspots do not encrypt the stuff you send over the internet and are not secure. If you go ahead anyway and use an unsecured network to log in to a site that is unencrypted, or one that uses encryption only on the sign-in page, what’s the risk? That others on the network can see everything you are doing and what you are sending. They could log in as you and take over, in fact, hijack your session. Everything you have is right there for the taking. To make it even worse, new hijacking tools are developed every day, and they are available free online – tools that make it really easy for even unsophisticated users to start hacking away.
Do you need any more problems? Do you need an imposter taking over your accounts, checking out (and using!) your financial information, pretending they’re you and scamming your friends, family and co-workers? Of course not. Here are some tips to help you protect yourself:
- Do not stay permanently signed-in to accounts. When you’re done using an account, log out.
- When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. This means that to be secure, your entire visit to each site should be encrypted, from start (the log-in) to finish (the log-out). If you are going along, having logged in to an encrypted site, and you find you’ve landed on an unencrypted page, log out at once.
- This is tough, but don’t use the same password on different sites. If you do, should someone gain access to one of your sites, they will have access to many of your other accounts, too. Hackers count on our password laziness.
- Many web browsers send alerts to users who try to visit fraudulent websites or to download malicious programs. Heed these warnings.
- Keep your browsers and security software up-to-date.
- If you find yourself regularly accessing your accounts through Wi-Fi hotspots, use a virtual private network (VPN). A VPN encrypts traffic between your computer and the internet – even on unsecured networks. You can get a personal VPN account from a VPN service provider. You may have one already through work, as some organizations create VPNs to provide secure remote access for their employees.
- There are Wi-Fi networks that use encryption – WEP and WPA are the most common. WPA2 is the strongest. WEP may not protect your information against common hacking challenges, but WPA encryption should do just that. Not sure if you’re on a WPA network? Then proceed as if you are using an unsecured network.
- There are browser add-ons or plug-ins that you can install that may help. Force-TLS and HTTPS-Everywhere are free Foxfire add-ons that force the browser to use encryption on popular websites that are usually unencrypted. Of course, they do not protect all sites – so once again, check for the https in the URL to be sure a site is secure.
Special thinks to onGuardOnline.gov.