How to stay safe on public WiFi and protect your home WiFi from neighbors & hackers alike.
WiFi is not safe. Learn about WiFi security risks and how to protect yourself.
Many of us can’t stand to be “disconnected” from the Internet – whether it’s our business email or social media – for minutes, let alone hours or days.
That’s why public WiFi connections (aka hotspots) are now available in almost all cafes, airports, restaurants and bars. While offering convenience, you take big risks using public WiFi.
Of course, most people already know the dangers of WiFi. A Xirrus survey found that 91% of WiFi users know public WiFi isn’t secure – but 89% still use it.
And the risks aren’t just in public places. If your home WiFi isn’t set up right, hackers or even just greedy neighbors could take advantage of your home WiFi too.
'Unsecured WiFi Risks' contents (select to expand)
Public WiFi Security Risks
Is WiFi safe?
Is it safe to use hotel WiFi for banking?
Is Starbucks WiFi safe?
To put it bluntly: No, not at all. That goes for almost any public WiFi connection.
If you’re using public WiFi, you’re vulnerable in multiple ways:
- Your data, like online banking details or email passwords, can be intercepted
- Your computer can be infected with malware, trojans, or other viruses
- Your Internet activity can be viewed by third-parties or the owner of the WiFi network
Public WiFi threats are real
You could have your privacy invaded, accounts hacked, and even your identity stolen.
For example, the sophisticated hacking group DarkHotel has been making a business of hacking users of hotel WiFi for years, targeting high-profile business people and even political figures. But the scary part is, it doesn’t require l33t skillz to hack an unsecured wireless network.
What exactly are the unsecured WiFi risks we take when using public hotspots? Public WiFi security risks fall into two broad categories: spoofing and sniffing. Let’s dive a little deeper.
Spoofing
Spoofing tools enable hackers to create a replica of a legitimate login page that fools you into providing the hacker with your username and passphrase, sometimes even your credit card details.
These apps allow a hacker sitting nearby to make you think you are logging on to a legitimate site (for example, the login page for the hotspot or for a popular webmail, social media, shopping or banking site) when, in fact, you are entering your username and passphrase into a fake portal.
To make sure that you are on the correct sign-in page look carefully at the URL in your browser bar.
Most legitimate sign-in pages will be through a secure connection, so look for the https (note the ‘s’) at the start of the URL and a lock icon displayed in your browser bar (see screenshot).
Look for "https" (with an 's') connections in your browser.
Sniffing
There are other tools that hackers and snoops use called sniffers which capture data over unsecured networks.
When you use unsecured WiFi, these bad guys can capture all the traffic you send over the connection including your emails and passphrases and any other data, such as credit card information, you are transmitting.
This is one reason you should never do any banking or online shopping or access any sites that require your usernames/passwords over unsecure public WiFi.
To help safeguard your WiFi security and protect yourself, use only verified https connections (again, note the ‘s’) as this means the data sent to and from your device is encrypted. This way, even if the data is intercepted by a hacker or snoop, it will be completely unintelligible to them.
Always trust your instincts and have a look around to make sure that you do not have any overly curious neighbors sitting close to you. That said, adversaries employing sniffing methods do not have to be in your immediate vicinity and could even be sitting in a car parked outside.
How to Stay Safe on Public WiFi
If you insist on using public WiFi, here are some ways to protect yourself:
- Know the risks and vulnerabilities (read 'Spoofing' & 'Sniffing' above)
- Don’t access work or banking accounts, or enter credit card details over public WiFi
- Only access secure https sites
- Don’t join random or unknown networks
- Only join public WiFi when you really need it
- Use mobile Internet which is safer than WiFi
- And most importantly…use a VPN!
Use a VPN to Stay Safe on Public WiFi
The most effective – and in fact, one of the easiest – ways to stay safe while using public WiFi is with a VPN, or virtual private network.
In short, a VPN creates a sort of tunnel between your device and the VPN’s server. Your data is encrypted as it travels along this tunnel, making it much harder to read, intercept, or infiltrate. It basically acts as a middleman between you and the Internet, protecting your data and privacy in the process.
VPNs also have some other handy uses for travelers:
- Access blocked websites, whether they’re blocked by the country or the WiFi provider
- Access geo-restricted content, like Netflix for your home country
- Bypass Internet caps and restrictions
- Download torrents, watch online erotica and stream content without it being linked back to you
That’s on top of the data encryption, malware protection, and enhanced privacy. While we think all Internet users should use a VPN, it’s an absolute necessity if you travel or otherwise use public WiFi frequently.
Here are our top recommended VPNs for protecting yourself from the dangers of hotel WiFi. The good news is, all three are affordable, easy-to-use and come with full money-back guarantees. 🙂
VPN SERVICE | BEST PRICE | MORE INFO | ||
1 |  | • best VPN overall | save 70% | Try risk-free for 30 days |
2 |  | • fastest VPN | save 49% | Try risk-free for 30 days |
3 |  | • cheap VPN | save 82% | Try risk-free for 30 days |
Free WiFi VPN?
Although tempting, do not use a free VPN service to protect yourself on WiFi.
Premium VPNs aren't free but can cost as little as $3/month and are worth every single penny as VPNs have many uses.
Read more about why you should avoid free VPN services.
Disconnect from Public WiFi When Not Using It
If you are using your device in a public place without the need to connect to WiFi (for example, if reviewing photos saved on your phone or laptop), turn off your device’s wireless connection.
On most laptop computers a quick key press will disable your wireless networking. Similarly, most tablets and smartphones can quickly be put in airplane or flight mode.
Why leave your device unnecessarily open for attack?
Learn how to secure your WiFi router at home.
How to Protect WiFi from Neighbors & Hackers
It’s easy to pick on public WiFi, but many home set ups are just as insecure too.
Wireless routers (pictured here) allow devices to access your Internet connection from a distance without all the messy wires running from each device to the router box.
If you don’t set up your WiFi wireless network correctly, hackers can access it and exploit it.
In fact, if your wireless network is set up poorly enough, it’s not only sophisticated hackers or snoops you have to worry about but also regular people, such as your neighbors, stealing your connection and potentially making other problems for you.
Check if Your Internet Connection is Open & Vulnerable to Attack
You can double-check your home network security by asking a friend to come over with their wireless Internet-enabled device (for example, their laptop, tablet or smartphone) to see if your wireless network is visible and, if so, whether it allows them to access your Internet connection.
Even if your friend is prompted for a password, a risk remains (though only from more sophisticated adversaries) because wireless passwords may be easy to crack and anyway are no harder to crack than other passwords.
The Damage Hackers Can Do
But a neighbor piggybacking on your WiFi connection is just the tip of the iceberg.
Sophisticated hackers can do much more damage by exploiting your WiFi, ranging from capturing sensitive data you send over the Internet to completely hijacking your devices without your knowledge.
For example, your WiFi could be used to launch attacks on other victims.
Hackers could download illegal materials, route spam, launch Trojan malware or DDoS distributed denial of service attacks using your connection and devices.
In all of these cases, it will be your IP address showing up in any logs. In other words, the authorities could be knocking on your door to ask questions or even make an arrest.
War Drivers are Looking for Unsecured WiFi
Professional hackers known as war drivers are in search of unprotected WiFi, sometimes noting the details of the open networks they find, along with GPS coordinates, and sharing the information with fellow hackers.
These hackers employ a variety of equipment, apps and tools to detect open wireless networks. Hackers will move around, either on foot or in a car, with a wireless Internet-enabled device trying to gain access to open wireless networks. That’s because wireless connections can be detected over a long range, extending to next door and even to the roadside.
Follow these steps to protect your WiFi connection from hackers or neighbors alike.
How to Properly Configure Your WiFi Network at Home
Take the steps below to properly configure your wireless network and protect your home WiFi.
Although these steps are straightforward, many people do not apply them, leaving their WiFi open to attack.
For the precise details related to your specific brand of router, consult its manual for everything you need to know. There are also plenty of good online tutorials you can find by typing the model of your router into your favorite search engine. You should spend some time reviewing these instructions as it is important to understand your router’s features and take steps to secure it.
Change Your WiFi Router’s Default Username & Passphrase
The first thing you should always do is change your WiFi router’s default password.
For example, many home WiFi routers now come with a web interface with the default username “admin” and the password “admin”. If these are left unchanged, it’s easy for hackers to guess these default username and passwords. This is especially true because default passwords are widely available online, including in online user manuals.
Even an amateur could gain access to your wireless router in this way.
Here’s a short sample video for a popular brand of router (remember, the instructions for your router may differ).
When setting a new password for the router, as always, make it a strong one. If you need a refresher, see our guide to strong passwords.
Disable your WiFi Router’s Automatic Broadcasting Feature – Service Set Identifier (SSID) Settings
A WiFi router automatically gives off a signal on a regular basis, broadcasting its ID number. This enables nearby devices to “see”, find and connect to it. This broadcasting feature is called service set identifier or SSID.
It is important that you disable your router’s automatic broadcasting feature by changing its SSID setting. This may sound complicated, but it isn’t. Taking this step will help ensure that your WiFi network is not being announced to neighbors or hackers.
You can easily set up your router so that it does not automatically broadcast its SSID number. Instead, manually enter the SSID number of your WiFi router into each of your devices so that your WiFi network stays hidden. If your router’s broadcasting is turned off, your WiFi router will not be advertised to war driving hackers, snoops or your nosy neighbors.
In fact, disabling broadcasting means third parties will not even be aware of your WiFi network, though some sophisticated adversaries may still be able to detect it in some circumstances.
To turn off your specific router’s SSID broadcasting function, please check the manufacturer’s manual. It is usually a matter of finding the correct option in the menu and simply disabling it. Easy!
Here’s a brief sample video for a well-known router brand (remember, your router instructions may differ).
Enable (Stronger) Encryption for Your Wireless Connection
Technology is changing all the time and WiFi routers are no exception.
For this reason, routers are usually backward compatible meaning that they will still support older technologies. Otherwise, your older devices wouldn’t be able to connect to your wireless network.
Without getting into the entire mumbo jumbo, simply make sure that your router is configured to use the latest encryption method which is WPA or WPA2. The older technology, WEP, can be cracked much more easily. So double-check to make sure that your router is configured to use WPA/WPA2.
Here’s another short sample video for a popular brand of router (remember, the instructions for your router may differ).
Prevent Stranger’s Devices from Accessing your WiFi Network – Using Media Access Codes (MACs)
One of the best means of protection is to restrict your wireless network on the basis of media access codes (MAC).
A MAC is like a social security number that uniquely identifies a wireless-enabled device or piece of equipment. Every wireless device has its own MAC address.
You can set up your WiFi network to work only with the MAC numbers you permit by entering these MAC addresses into your router’s settings.
It’s kind of like having a bouncer guarding your WiFi connection: if your name isn’t on the list, you don’t get in. If the device’s MAC address isn’t on your WiFi router’s permitted list, it won’t be allowed to connect to your WiFi network.
Doing this keeps your WiFi router hidden from other devices whose MAC numbers have not been entered in the router’s setup. The process varies for each model of WiFi router, so check your router’s manual for details.
While this method does mean you will have to enter the MAC addresses for each new device you buy, that is a small inconvenience for a big security benefit.
How to Determine your MAC Address in Windows
Wondering how to find your device’s MAC number? No problem.
To determine the MAC address for your Windows-based device, type command in the Start menu, and select Command Prompt.
An old-fashioned DOS-like window will open. If you type IPCONFIG /ALL a list (usually not too long) of your relevant settings and configurations will be displayed. Look for your Wireless Network Adapter and note the long series of letters, numbers and dashes beside Physical Address.
Voila! You have now determined your Windows device’s MAC address (the number ending in -39-BA in the middle of the screenshot).
Displaying the MAC address with the IPCONFIG /ALL command
Once you have the information you need, exit the command window by typing Exit. You will now need to enter the relevant MAC address in your router’s settings.
MAC address of an Android device
To determine the MAC address of an Android device:
- go to your main menu (select the circle with the 6 squares in it)
- scroll through the alphabetical icons, find Settings (a silver gear) and select it
- scroll down to the ‘System’ heading and select About tablet
- further select Status
- scroll down the window that pops up until you see Wi-Fi MAC address.
Long touching the MAC address displayed will copy it to your clipboard for easy pasting when you need to enter it into your router's settings.
Displaying the MAC address of an android device
Wrap-Up
WiFi is now indispensable in our daily lives, but it brings real risks.
If you take the steps outlined above you can protect yourself from unsecured WiFi risks, both in public and at home.
Make sure you are not easy prey for hackers or neighbors that might exploit your WiFi.