Safe Use of Public WiFi: What You Need to Know Before You Connect

The Convenience and the Risk

Free public WiFi is one of the most sought-after features of cafes, libraries, airports, hotels, and shopping centres. The ability to connect without using mobile data is genuinely valuable, particularly when travelling or working away from home. But that convenience comes with risks that most people using these networks do not fully understand.

Public WiFi networks are, by definition, open or low-security networks used by many people simultaneously. This creates specific opportunities for criminals to intercept data, set up fake networks designed to look legitimate, or exploit vulnerabilities in how devices connect and communicate. Understanding these risks allows you to use public WiFi safely rather than avoiding it entirely.

How Public WiFi Can Be Exploited

The most common attack on public WiFi users is a man-in-the-middle attack, in which a criminal positions themselves between your device and the network, intercepting data as it passes. If you are transmitting unencrypted information, such as login credentials sent to a website without HTTPS, that data can be captured and read.

Evil twin attacks involve setting up a fake WiFi hotspot with a name similar or identical to a legitimate nearby network. Someone connecting to a cafe's WiFi might connect instead to a criminal's hotspot named the same thing. All their traffic then passes through the criminal's equipment. These fake networks are simple to set up and difficult to detect.

Packet sniffing involves using software to capture and analyse data passing over a network. On an unsecured public WiFi network, this data can include browsing activity, login information, and other sensitive information if it is not properly encrypted.

Using a VPN

A Virtual Private Network (VPN) is the most effective single tool for safe use of public WiFi. A VPN encrypts all traffic leaving your device before it reaches the network, meaning that even if someone intercepts the data, they cannot read it. It also hides your browsing activity from network administrators and makes your actual IP address invisible to websites you visit.

Reputable VPN services include Mullvad, ProtonVPN, and NordVPN. Free VPN services should be treated with significant caution: they often make money by logging and selling user data, which directly contradicts the purpose of using a VPN for privacy. A paid VPN subscription costs very little monthly and provides genuine protection across all your devices.

Enable your VPN before connecting to a public network, not after. Some data can be transmitted during the connection window before the VPN activates.

What to Avoid on Public Networks

Even with a VPN, certain activities carry elevated risk on public networks and are best avoided or deferred until you are on a trusted network.

Online banking and financial transactions should ideally be done on trusted networks or via mobile data rather than public WiFi. While banking websites use HTTPS encryption, the additional reassurance of a trusted network is worthwhile for financial activity. If you must use banking on public WiFi, ensure you are using the official app and that your VPN is active.

Logging into accounts with sensitive personal information, including email, cloud storage, and any account connected to payment methods, carries elevated risk on public networks. Use two-factor authentication so that even if credentials are intercepted, the account cannot be accessed without the second factor.

Automatic connection to known networks can be a risk if your device connects to a malicious evil twin. Disable automatic WiFi connection on your device and connect manually and intentionally.

Verifying Networks and Spotting Fakes

Before connecting to a public network, confirm the exact network name with a staff member rather than simply choosing the most likely-looking option from your device's list. Evil twin networks often have names very close to but slightly different from the legitimate network, or identical names set up in the same location.

Check whether the network requires a password and any terms of service acceptance. Legitimate business networks typically have some form of access control, even if it is a simple password obtained from staff. Completely open networks with no authentication at all carry higher risk.

Additional Protective Habits

Keep your operating system, browser, and security software up to date. Security updates patch vulnerabilities that criminals exploit. Enable your device's firewall when using public networks. Turn off file sharing and network discovery features when not on a trusted home or work network.

After using a public network, disconnect and forget the network on your device. This prevents automatic reconnection in future and reduces the risk of connecting inadvertently to a malicious network with the same name in a different location.

Mobile data, while not free, provides a significantly more secure connection than public WiFi for sensitive activities. For anything that genuinely needs to be secure, using your phone as a personal hotspot rather than connecting to a public network is a worthwhile trade-off.