Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Avoid the Scammers: 12 Tips for Public Wi-Fi Hotspot Security

Public Wi-Fi hotspots can be a hacker's paradise. Following these basic security tips can mean the difference between safe surfing and an ID theft or data-loss nightmare.

By Eric Griffith
Updated March 1, 2024
Composite of woman using her laptop in a public place (Credit: PCMag Composite; Shutterstock / George Rudy, gowithstock)

People are addicted to free Wi-Fi. They need it, they crave it, and they don't think twice about connecting to any network that can get them online. Getting Wi-Fi in a hotel, on an airplane, even in a restaurant or bar drives decision-making on where to go and stay. Many people even use public Wi-Fi in hotels/rentals to watch adult content—and I'm not talking about True Detective on Max.

Yet most people can't tell a secure Wi-Fi network from an insecure one.

For many, public Wi-Fi is too convenient to ignore. But hotspots you don't know can be risky. It's not that hard to make sure you're secure. Some of the tips below involve common sense, while the rest you can set up before you leave the house or office. Make sure the next hotspot you connect to—be it in a café or in the sky—isn't a security nightmare waiting to happen.


1. Pick the Correct Network

Pick Correct Network
(Credit: PCMag)

Have you ever tried to connect to public Wi-Fi and seen multiple network names that are similar but not the same? EricsCoffeeHaus versus EriksCoffeeHaus, or HiltonGuest versus HiltonGuests, for example. This is a tried-and-true man-in-the-middle attack used by hackers—dubbed Wi-Phishing. It tries to trick you into logging into the wrong network to get to your info. Most people don't take the time to check, they simply jump on the strongest, open signal they see. Always check that you picked the legitimate network. Just ask someone who works there for the proper network name if it's not posted.


2. Pick a Secure Network

When you want to pick a Wi-Fi hotspot to log into, try and find one that's got you locked out. You read that right. Usually, if you see the lock icon, it means you can't get access. Networks with zero security don't have a lock icon next to them. On an iPhone, if you click an unsecured network—even if it's your own at home—you'll get a warning that reads Security Recommendation.

Of course, this isn't a hard and fast rule. Some hotspots don't show the lock because they have what's called "walled garden" security: You have to log in via a browser to get access to the internet. The login usually is provided by the hotspot—you may get it from the front desk at a hotel, for example, while checking in.

It's best to stick to hotspots where the provider—be it a conference, hotel, or coffee shop—provides you with a clear network to choose, plus a password to grant access. Then you know you're on the network you're meant to be using.


3. Ask to Connect

Ask to Connect
(Credit: PCMag)

You can set most devices to ask for permission before they connect to a network, rather than just automatically latching onto the strongest open network signal, or a network they've connected to before. That's a good idea. Never assume the network you used in one place is as safe as one with the same name in another place. Anyone with the right tools could spoof a Wi-Fi network's broadcast name (called the SSID).

If the device asks first, you've got a chance to decide whether it's safe to connect or not. On iOS for example, go to Settings > Wi-Fi > Ask to Join Networks and select Ask. On Android, the exact path will vary, but look for Network & Internet > Wi-Fi > Network preferences in Settings. Turn on Notify for public networks.


4. Be Your Own Hotspot

PERSONAL HOTSPOT ON IPHONE
(Credit: PCMag)

Rather than risk everyone in a group using iffy Wi-Fi, one person could designate their own device as the hotspot. Almost all laptops and phones make it easy to become your own hotspot for others. It won't be fast, but it will be more secure.

Windows: Turn it on at Settings > Network & Internet > Mobile Hotspot. Pick the kind of internet connection used (if there is more than one option; this is best if you've got an Ethernet connection), and copy the name of the network to hand out to people (change to something easy), as well as the network password they need for access (again, change it to something with eight characters at least).

macOS: Go to Apple Menu > System Preferences > Sharing and click the Internet Sharing box. Pick a connection type to share, how you plan to share it (Wi-Fi, duh), then click Wi-Fi options to name the hotspot and give it a password.

iOS: Go to Settings > Personal Hotspot to toggle on Allow Others to Join. You can also reset the password here to one that's a minimum of eight characters.

Android: Look under Settings > Network & internet > Hotspot & tethering.


5. Take a Hotspot With You

T-Mobile Inseego MiFi X PRO 5G (M3000)
(Credit: Dave LeClair)

Public access Wi-Fi is great, but you could just carry your hotspot. Cellular modem hotspots have their own battery, use cellular backhaul for an internet connection, and provide multiple people with Wi-Fi access. Sure, it costs more, but it might be worth it if you've got a lot of traveling ahead. Our top pick depends on your carrier (see our roundup of the Best Mobile Hotspots). Overall, this is much more secure than using publicly provided Wi-Fi. But it will cost you more, either in money or data (or both).


6. Subscribe to Hotspots

Gogoair.com is something people use
Gogoair.com (Credit: PCMag)

Services like Boingo—which partners with others to provide access to over 1 million hotspots around the globe—or Gogo, which provides hotspots specifically for planes in flight, are two of the names in subscription Wi-Fi services. Pay them a monthly fee—which can get pricey—and you know when you find their certified hotspots, they're a lot less likely to be run by the bad guys. (Not impossible, but pretty unlikely.)


7. Avoid Personal Data in Hotspots

Taxes ugh
(Credit: JJ Gouin/Shutterstock.com)

This is less a technical tip than a behavioral one. If at all possible, avoid doing serious tasks like bill paying, accessing your bank account, or even using your credit card when connected to public Wi-Fi. And filing your taxes at a hotspot? No way. Save those transactions for when you're connected safely to your home network, where you're a lot less likely to get targeted by snoops, since you already keep that one secure, right? If you absolutely must do the above, read on.


8. Avoid Using Your Passwords

passwords are not safe guys
(Credit: ronstik / Getty Images)

There are a lot of passwords to remember, and you probably have to enter a few even while you're on public Wi-Fi. But if you've been compromised—say some hacker is sniffing the airwaves and pulling down data—anything you type and send to the internet could be equally compromised. That's one of the many reasons you should use a password manager. They store passwords for you and keep them encrypted, even on mobile apps. If you do use passwords, try to make sure they're on sites where you have multi-factor authentication set up. Better yet, start using passkeys.


9. Check for a Secure Connection

Most websites use the HTTPS protocol to support SSL (Secure Sockets Layer) to make your connection to them more secure. Browsers like Chrome warn you if you visit a site without it. You can tell if the site you're on uses HTTPS even if you can't see it listed in the URL (in the first part, as seen in "https://www.pcmag.com"). For example, a lock icon and the word "Secure" appear at the start of the address bar in the Chrome browser on the desktop (the lock also appears on most smartphone browsers).

Almost all the major desktop browser have a setting to warn you if you encounter an unsecured site and will force the site to try and load with HTTPS. Quick instructions:

  • Microsoft Edge: go to edge://flags and find Automatic HTTPS and set to Enabled.

  • Mozilla Firefox: In Settings type HTTPS in the search box, click the button next to Enable HTTPS-Only Mode.

  • Google Chrome: Go to Settings > Privacy & Security > Security > Always Use Secure Connections and toggle it on.


10. Use a VPN

How a VPN Works
PCMag Logo How a VPN Works

This should go without saying by now: You need a virtual private network (VPN) when you're on a public network. While this was moderately good advice the first time we wrote this story a decade ago, we now live in a digital surveillance/hacker state that rivals Orwell's 1984.

A VPN creates a private tunnel between your laptop or smartphone and the VPN server on the other end, encrypting your traffic from snoops—even your ISP or the operator of the hotspot itself. To find the one that's right for you, read our roundup of the best VPN services. Put it on all your devices that use public Wi-Fi of any sort. Even on your home Wi-Fi. You'll be glad you did. (For complete anonymity, use the Tor network.)


11. Turn Off Sharing

Public Networks - Sharing and discovery options
(Credit: Microsoft/PCMag)

When you connect to a network with a PC, be it a Windows or Mac, the goal is typically to share some services—at the very least files and printing ability. If you leave that sharing option open at a hotspot and connect to the wrong thing, you're giving bad guys easy access. Disable it before you go out. In Windows, go to Settings > Network & internet > Advanced network settings > Advanced sharing settings.  Under Public Networks, turn off Network discovery so your PC isn't seen, and Turn off file and printer sharing to avoid sharing.


12. Keep Your OS and Apps Updated

Operating system (OS) updates are an annoying yet necessary evil. Don't be lulled into a false sense of security because you're a Mac or iPhone user. OS updates are serious business; they often fix security holes. Once an update is available, everyone in the world knows about the holes in the previous iteration—if you haven't patched it, your device becomes low-hanging fruit ready to be plucked by an opportunistic hacker.

Don't forget mobile apps either. App updates also fix serious security holes. Especially the browser apps, but anything that goes online could be vulnerable. On iOS, go to Settings > App Store > App Updates, and toggle it on so apps update themselves. On Android devices you can do the same in Play Store: Click your avatar and go to Settings > Network Preferences > Auto-update Apps, then choose whether you want auto-updates to happen over any network (such as your mobile connection) or just when you're on Wi-Fi.

How to See Who's On Your Wi-Fi
PCMag Logo How to See Who's On Your Wi-Fi

Like What You're Reading?

Sign up for Fully Mobilized newsletter to get our top mobile tech stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Eric Griffith

Senior Editor, Features

I've been writing about computers, the internet, and technology professionally for over 30 years, more than half of that time with PCMag. I run several special projects including the Readers' Choice and Business Choice surveys, and yearly coverage of the Best ISPs and Best Gaming ISPs, plus Best Products of the Year and Best Brands. I work from my home, and did it long before pandemics made it cool.

Read Eric's full bio

Read the latest from Eric Griffith