Cybersecurity 101: Public WIFI

On a recent trip visiting Pondurance customers, I remembered a question we get asked quite a lot here: "Is it safe to use public WIFI?"  The answer is generally "Yes,' but there are some things to be aware of and precautions to take, so let's dig into the topic.

Is Public WIFI Safe?

Generally speaking, public WIFI is quite safe to use.  While this was not the guidance those of us in Cybersecurity offered only a few years ago, a lot has changed since then that has made use of "unsecured" WIFI much safer than it used to be:

Nearly all applications and websites now use Transport Layer Security (TLS), which used to be called Secure Sockets Layer (SSL) and is often still referred to informally by the older name. This means that all data transfer between you device and the app/website is encrypted, making it nearly impossible for anyone snooping on your WIFI connection to know what you're sending and receiving from your bank, social media sites, or most anything else you browse or access. 

TLS itself has gotten more secure in the last several years.  There's quite a lot of technical information behind the hows and whys there, but the short version is that the type of encryption now required by the current TLS standard is significantly stronger than in previous versions. While it is possible to break that encryption, a modern website connection encryption key would take years for most hardware to actually break. This means that - unless you see someone sitting near you with a stack of powerful server devices in a datacenter rack - your encryption is safe from being broken and decrypted. 

Browsers have begun to flag any site that isn't using modern encryption as "Unsafe" - often very visibly right in the address bar.  No longer do Edge, Chrome, Safari, Firefox, Brave, or other browsers show a green lock icon when a site is encrypted; they now just show a red warning when the site is not encrypted because TLS encryption is the standard these days.

Care is Still Required

This isn't to say you should just connect to public WIFI willy-nilly, though.  There are still some dangers, but they're no longer specific to public WIFI, and instead are things you should watch out for with any WIFI connections:

Always make sure you know what WIFI to connect to.  Don't just assume that because you are in an airport, anything called "Airport WIFI" is something you should connect to. Look around for signs which identify which WIFI network you should use, and don't be afraid or embarrassed to ask the staff of the airport, bar, coffee shop, etc. While there isn't a lot that a rogue WIFI operator could really do, it is still a wise idea to only connect to the official WIFI hotspot of the establishment you are in. 

Look out for websites that show any kind of warning in the address bar like the one shown here.

This indicates that the website is not using TLS, and therefore your communication with that site could be snooped on. This is a very rare occurrence these days, as nearly every website uses TLS in order to operate properly on the modern Internet.  If sites that you know are secure are suddenly showing up as not secure, disconnect from the WIFI and double-check to make sure you are on the correct hotspot.  Anything that allows something between you and the website to be unencrypted will cause all sites to suddenly become unsecured and throw up that warning. 

Be on the lookout for any pop-up messages or messages about the website re-directing you to another site. With the exception of a pop-up "captive portal" like the one shown here

that you will find when you first connect to public WIFI hotspots, you shouldn't see pop-up messages or re-directions which show notifications.  These can indicate that the hotspot and/or the website have been compromised to attempt to deliver malware to your computer.  Disconnect, and let someone at the location where the hotspot exists know what happened so they can have the issue corrected.  The initial "captive portal" message is expected and safe, any other weird pop-ups or re-directs are not.  

There is one exception to this rule.  Some hotspots do not use a "captive portal" login.  There will be signs posted with the WIFI information that you need to open a browser to get connected.  That logon site will most likely show up as unsecured, or you will get a message about a re-direct to a non-secure site.  This is expected, and the logon portal should not require you to give up any information beyond possibly your email address.  Never type in passwords, identification numbers, or any other private information on these logon sites.  Once you are logged on, ensure that any site you go to from that point onward is not showing warnings or errors. 

Finally, use good online hygiene and common sense no matter where you connect to the Internet.  Be it at your office, at a coffee shop, or at home; you should always be careful of phishing messages, fake websites, and other online dangers.  These don't get more significant on public WIFI, but they are equally present whenever you connect to the Internet. 

Verdict: Is it Safe? Also, What About a VPN?

Yes, public WIFI has become significantly safer to use in the last few years.  A combination of better security provided by the WIFI hotspot providers and improvements in app/website security have made using public WIFI something everyone can do. Look for errors or warnings, make sure you know which hotspot to connect to, and utilize the same Internet safety techniques you would use anywhere else; and you will be just fine. 

Virtual Private Network (VPN) services - like NordVPN, Express VPN, or those provided by your employer - are generally not required these days for surfing the web when on public WIFI.  If your employer has installed one on your work laptop/phone/etc. you should use that tool because it is performing other security tasks for your company, but you don't need to use a VPN otherwise.  VPN services can make your browsing slightly (very slightly) more private, but they won't make it more or less safe; so feel free to use one if you would like to, but don't worry if you need to get online and don't have a VPN available.

About the Author:

Michael DeNapoli is a seasoned Senior Solutions Architect with more than 25 years of experience in cybersecurity, solution architecture, and enterprise systems design. Throughout his career, he has led technical strategy, security architecture, and advanced solution development for organizations ranging from emerging security vendors to global enterprises. Michael’s expertise spans cybersecurity operations, cloud architecture, technical sales leadership, security posture management, and identity protection, with a proven track record of guiding clients through complex technology challenges. Today, he brings his deep industry knowledge to Pondurance as a Senior Solutions Architect, helping organizations strengthen their security foundations with clarity and confidence.