The OnGuardOnline.gov website, operated by the Federal Trade Commission, Justice Department, Homeland Security and other federal agencies, is warning people to be careful around WiFi hotspots. The agency says that users on public WiFi hotspots should only log in to websites that are fully encrypted. Encrypted sites have an https at the beginning of their address and typically have a lock in the lower right corner of the browser. The agency says that hotspots that don’t require a password are not secure and suggests you only use hotspots with WPA (not WEP) encryption. The WiFi Alliance recommends that you use WPA-2 if you have the option.
The agency offers the following advice:
- When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. And keep in mind that your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
- Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
- Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
- Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and take the extra minute or so to keep your browser and security software up-to-date.
- If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees.
- Some Wi-Fi networks use encryption: WEP and WPA are the most common. WPA encryption protects your information against common hacking programs. WEP may not. If you aren’t certain that you are on a WPA network, use the same precautions as on an unsecured network.
- Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites – look for https in the URL and the lock icon to know a site is secure.
Click Here for my 1-minute CBS News radio segment about the FTC report. For more, check out the FTC’s Tips for Using Public WiFi
Larry Magid is a technology journalist and an Internet safety advocate. He serves as on-air technology analyst for CBS News, is co-director of ConnectSafely.org and founder of SafeKids.com and SafeTeens.com. He also writes columns that appear on CNET News, CBSNews.com, Huffington Post and the San Jose Mercury News.
His technology reports can be heard daily on CBS News and CBS affiliates throughout the U.S. and he has a daily tech segment on KCBS radio in San Francisco. He’s a regular contributor to BBC World Service and an occasional guest on National Public Radio’s Talk of the Nation. He is often called upon for commentary by CBS television news, CNN and Fox News and has appeared on the CBS Evening News, ABC World News Tonight, the Today Show and CBS Early Show. He has also been a frequent contributor to the New York Times and was, for 18 years, a syndicated columnist for the Los Angeles Times.
He has written several books including the best-selling Little PC Book and is co-author (with Anne Collier) of MySpace Unraveled.
Larry served on the Obama Administration’s Online Technology Working Group and the Berkman Center’s Internet Safety Technology Task Force.