The OnGuardOnline.gov website, operated by the Federal Trade Commission, Justice Department, Homeland Security and other federal agencies, is warning people to be careful around WiFi hotspots. The agency says that users on public WiFi hotspots should only log in to websites that are fully encrypted. Encrypted sites have an https at the beginning of their address and typically have a lock in the lower right corner of the browser. The agency says that hotspots that don’t require a password are not secure and suggests you only use hotspots with WPA (not WEP) encryption. The WiFi Alliance recommends that you use WPA-2 if you have the option.
The agency offers the following advice:
- When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. And keep in mind that your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
- Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
- Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
- Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and take the extra minute or so to keep your browser and security software up-to-date.
- If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees.
- Some Wi-Fi networks use encryption: WEP and WPA are the most common. WPA encryption protects your information against common hacking programs. WEP may not. If you aren’t certain that you are on a WPA network, use the same precautions as on an unsecured network.
- Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites – look for https in the URL and the lock icon to know a site is secure.