- Home
- What is a VPN
- Wi-Fi VPN
Wi-Fi VPN: Security tips for free public networks
Public Wi-Fi at hotels, airports, and cafes exposes you to real privacy and security risks. Learn how ExpressVPN keeps you safe, even on unsecured Wi-Fi networks.
6 types of public Wi-Fi security risks
Using the internet over unsecured, public Wi-Fi networks puts you at risk of specific types of cyberattacks and other criminal acts.
Packet sniffing
A hacker records all the data that passes between you and the unsecured Wi-Fi router by examining data packets. Generally, network administrators use packet sniffing tools to monitor and protect network traffic. However, hackers use these tools to steal information.
Rogue Wi-Fi networks
A hacker sets up a fake network that masquerades as a legitimate one to steal information from unsuspecting users who connect to it. This method may also be used to infect a user’s device with malware and viruses.
Man-in-the-middle attacks
A hacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. There are several types of man-in-the-middle (MITM) attacks. The most commonly used MITM attack is IP spoofing, where a hacker tricks unsuspecting users into thinking they're interacting with a website, hoping they'll give up personal information that could be stolen.
Identity theft
Using man-in-the-middle attacks, hackers can steal personal information found on a device connected to public Wi-Fi. Identity theft usually involves stolen information that hackers can then use to impersonate a victim. With enough financial information, a hacker could withdraw money and make purchases in their victim's name.
Data breach
A hacker uses an unsecured Wi-Fi router to illegally access personal information from unsuspecting users. Personal data like photos, videos, and credit card information might be at risk during a data breach.
Malware infection
A hacker could distribute malware or viruses to unsuspecting users on any device connected to an unsecured router through Wi-Fi. If on public Wi-Fi, avoid clicking on pop-up ads or videos as they might harbor dangerous viruses that could infect your devices.
How a VPN stops hacking through Wi-Fi
Let’s suppose someone is trying to hack your phone through Wi-Fi with a packet sniffing program. If the Wi-Fi is unsecured, this public Wi-Fi hacker may be able to read your traffic directly. A VPN can help secure an unsecured Wi-Fi.
ExpressVPN prevents this kind of Wi-Fi hacking by creating an encrypted tunnel between your device and a secure VPN server:
Is it safe to use public Wi-Fi with a VPN?
Public Wi-Fi hackers will be unable to read any data inside this encrypted tunnel.
Now let’s say you’re trying to connect to hotel Wi-Fi, but you accidentally connect to a hacker’s rogue Wi-Fi network instead. Without any additional security, the hacker can read and alter any unencrypted communication, or even inject malicious code onto your device.
With ExpressVPN, however, the encrypted tunnel prevents hackers from reading, injecting, or altering any data.
Wi-Fi hackers can also use a man-in-the-middle (MITM) attack to break encryption and impersonate sites you are visiting so they can intercept your traffic without your knowledge.
Wi-Fi security protection on every device
ExpressVPN has apps for every device you connect to Wi-Fi, including Windows, Mac, iOS, Android, Linux, and more.
Looking for VPN Wi-Fi security on your router? The ExpressVPN app for routers protects every device, including gaming consoles like PlayStation and Xbox, on your home or office Wi-Fi simultaneously.
Tips for using public Wi-Fi securely
1. Use a VPN
A VPN can help you stay private and safe on an unsecured public Wi-Fi connection by encrypting your internet activity and shielding it from snoops. Your online traffic gets sent through an encrypted tunnel to prevent interception.
2. Avoid accessing bank accounts
Possibly the most sensitive accounts you access online are banking and other financial services. Best not to log in to them over public Wi-Fi and wait until you are on a network you trust (such as your home Wi-Fi).
3. Don’t stay permanently signed in to accounts
An attacker over Wi-Fi could more easily affect your online accounts if you are logged in to them. This is one reason it’s always a good idea to log out of a website or app after you’re done using it.
4. Set your device to forget previously used Wi-Fi networks
Just because you used a public Wi-Fi service once doesn’t mean you’ll want to connect to it again. Forgetting the network prevents your device from automatically connecting to it when you’re nearby, lowering your risk of unknowingly using an unsecured network.
5. Keep your operating system and apps updated
Vulnerabilities in outdated software or apps are often exploited by threat actors. It is best practice to keep them up to date to ensure they have all the latest security patches.
6. Check for a secure connection
While it’s hard to tell if a public Wi-Fi network is secure, at the very least it should require a password to log in. Also check for the padlock symbol when you are using a browser, which indicates HTTPS encryption. When in doubt, turn on a VPN.
7. Connect via LAN
Attacking a device over an Ethernet connection requires a hacker to gain access to its cable and router, so it’s not as easy as intercepting Wi-Fi traffic. Ethernet would be a good option when you are in a hotel room, for example.
8. Stick with HTTPS
HTTPS sites use the SSL/TLS protocol that encrypts all communication and traffic to prevent malicious third parties from stealing your data. You can tell that a web page uses HTTPS if there is a padlock symbol next to the URL. Leave a site immediately if it does not use HTTPS, especially when you’re using public Wi-Fi.
9. Avoid using AirDrop and other file-sharing tools
Apple’s AirDrop function allows for easy fire sharing across devices, and while that’s great, it can also make it easy for someone to send you infected files. If someone unexpectedly sends you something by AirDrop, do not accept it.
FAQ: About public Wi-Fi security
You can never assume a public Wi-Fi network is secure; in fact, it’s almost impossible for a user in a cafe or hotel to know for sure how secure the Wi-Fi is. However, requiring a password does indicate a most basic level of security.
For public Wi-Fi users, the easiest way to ensure a secure connection is by turning on a VPN app. This encrypts your internet connection and protects you from cyberattacks.
For business owners who operate a public Wi-Fi network, always change your Wi-Fi’s name (SSID) and password from the default, and keep your router up to date with the latest software to ensure you have the latest security patches.
Wi-Fi admins could potentially see what you’re doing if your connection is unencrypted. While they probably won’t be able to read your messages, they might be able to know the sites you visit and how much time you spend on them.
If your connection is encrypted, such as with a VPN turned on, admins will only be able to see packets of encrypted data being sent to the server from a device, but not what the packets contain.
Wi-Fi (a play on “Hi-Fi”) is a local area wireless technology that lets devices network with each other over radio frequencies. Those frequencies are the 2.4 GHz UHF band and the 5 GHz SHF band.
A Wi-Fi network is broadcast by a Wi-Fi router, which allows multiple devices to connect to a wireless local area network (WLAN) at once. The router subsequently connects each of those devices to the internet. Most Wi-Fi networks are password-protected.
The distance and strength of a Wi-Fi signal depend on the environment and the router, but a single home router can generally cover an entire household.
A Wi-Fi hotspot is a physical location where you can connect a Wi-Fi-enabled device to the internet over a public wireless network. Wi-Fi hotspots are common in retail businesses and transportation hubs, such as cafes, hotels, and airports. These organizations and businesses install Wi-Fi routers for customers and the public to use.
While many Wi-Fi hotspots use WEP or WPA security protocols to encrypt your connection, others have no such security features, leaving you and your data vulnerable to malicious third parties. Whether a hotspot is password-protected or not, it’s a good idea to connect to a VPN when using it, which will encrypt all traffic before it leaves the device.
Hotspots can also be set up on smartphones, known as mobile hotspots. The smartphone uses a 3G or 4G connection to provide internet through its Wi-Fi chip to nearby devices.
Like with other public Wi-Fi networks, hotel Wi-Fi comes with security risks including the ability for hackers to abuse open, unsecured networks.
Connecting to a VPN while using your hotel’s Wi-Fi will encrypt your internet connection, securing all your information from snoops.
Wi-Fi admins could potentially see what you’re doing if your connection is unencrypted. While they probably won’t be able to read your messages, they might be able to know the sites you visit and how much time you spend on them.
If your connection is encrypted, such as with a VPN turned on, admins will only be able to see packets of encrypted data being sent to the server from a device, but not what the packets contain.
Learn more about using a VPN
What is a VPN?
Get to know how a VPN protects your online traffic from snooping
Encrypt your data
Strong encryption protects your data and communication
How fast is your VPN?
Find out what affects VPN speeds and how to find the fastest server for you
Security and privacy
Ready to try the best VPN for public Wi-Fi?
A VPN is essential protection when using public Wi-Fi. Give ExpressVPN a try. You’re 100% covered by our 30-day money-back guarantee.