Public Wi-Fi Dangers and How to Use It Safely

Free Wi-Fi at the airport, the coffee shop, the hotel, the conference — it's everywhere, and most of us connect without a second thought. But public Wi-Fi networks remain one of the easier places for attackers to spy on your traffic, push fake login pages, or steal session tokens. The risks are real, but they're also very manageable once you know what to do.

What Can Actually Happen on Open Wi-Fi

Evil twin networks. An attacker sets up a hotspot named "Free Airport WiFi" right next to the real one. You connect, and they sit between you and the internet, watching everything you do.

Captive portal phishing. Some "agree to terms" splash pages ask for your email and password "to unlock free Wi-Fi." That credential goes straight to the attacker.

Session hijacking. If a site doesn't enforce HTTPS properly, an attacker on the same network might capture your session cookie and log in as you.

Malware injection. Compromised hotspots can inject fake update prompts or malicious scripts into pages you visit.

The Good News: HTTPS Helps a Lot

The vast majority of websites today use HTTPS, which encrypts your traffic end-to-end. That means an attacker on the same Wi-Fi can see that you visited a website, but can't read the contents or steal your password. The risk is concentrated in the few moments before HTTPS kicks in (like splash pages) and on poorly configured sites.

Use a VPN When You Can

A reputable VPN encrypts everything between your device and the VPN provider, making your traffic unreadable to anyone on the local network. Choose a paid, audited service like Mullvad, Proton VPN, or IVPN. Free VPNs often log and sell your data, which defeats the purpose. Modern phones make turning on a VPN a one-tap affair — make it your default whenever you're on Wi-Fi you don't own.

Use Mobile Data for Sensitive Tasks

Banking, transferring money, accessing work email — when in doubt, switch off Wi-Fi and use your phone's mobile data instead. Cellular networks aren't perfect, but they're far harder for nearby attackers to intercept.

Wi-Fi Hygiene Checklist

1. Forget public networks after use so your phone doesn't auto-reconnect later.

2. Turn off "auto-join" for unknown networks.

3. Disable file sharing and AirDrop in public.

4. Make sure your operating system, browser, and apps are up to date — most attacks rely on patched vulnerabilities.

5. Always look for "https://" in the address bar before entering passwords.

6. Avoid clicking software update prompts that appear on a captive portal page; close the page and update directly from your operating system.

Hotel and Conference Networks Aren't Safer

"It needs my room number, so it must be safe" — not really. Hotel and conference networks are large, shared environments, often with weak isolation between guests. Treat them the same as any cafe Wi-Fi: VPN on, sensitive tasks on cellular, and a healthy dose of skepticism for any pop-up that asks you to log in or update something.

The Bottom Line

You don't need to fear free Wi-Fi — you just need to use it deliberately. Combine HTTPS, a VPN, up-to-date software, and a habit of doing sensitive things on cellular, and the realistic risk drops to nearly zero.