Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×

Search

Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

How to Use Free Public Wi-Fi and Keep Your Personal Data Secure

Don't let a hacker spy on your cellphone, laptop browsing and typing

spinner image Close up of group of people using smart phones and laptops in a public setting
Getty Images

Now that restaurants and retailers are reopening, you might find yourself outside a store that's limiting the number of patrons allowed inside. Like everyone else, you might choose to play on your phone while waiting.

Or perhaps you're in a doctor's office that has taken the precaution of removing communal magazines in the waiting room. So you might find yourself pulling out your small tablet instead.

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.

Join Now

Unless you want to use your mobile data plan to go online, which could get expensive, chances are you'll search for a Wi-Fi hot spot to join for free browsing. The practice is common even if few people are teleworking from coffee shops right now.

But you'll want to be safe while using a hot spot because cybercriminals have been known to exploit these open networks to steal your data. You shouldn't have to trade security for convenience.

Be selective and look for the lock

First things first: If you don't know how to join a hot spot, it usually means opening your device's Settings section, going to Wi-Fi and scanning for nearby networks. If a Wi-Fi name has no padlock beside it, it should be open to join with no password.

The problem is that a network called StarbucksFreeWiFi or HiltonFree might seem innocent enough, but it could be a classic "man-in-the-middle” attack that hackers use to dupe people. You could be joining a rogue Wi-Fi network instead of the real one. For that reason, never allow your mobile phone to automatically join any Wi-Fi network that operates without a password.

Find out the official name of the legitimate Wi-Fi network from the barista, hotel clerk or anyone else who works at the establishment. Your best bet when choosing a hot spot is a secured network — often seen with a lock icon next to the network name — instead of an open network.

In some cases, a Wi-Fi network will look like it's unlocked but will require that you type in a password once you open a browser. This also is fine.

A network that requires a password is better than one without. Also, if you're joining a Wi-Fi hot spot on a laptop, make sure you do not enable any file sharing that your operating system might suggest.

Tips for protecting yourself when using public Wi-Fi

Here are three ways to protect your personal information while surfing the web on public Wi-Fi.

See more Health & Wellness offers >

Buy antivirus software

Good cybersecurity protection on all your devices is essential because it can detect, quarantine, delete and report any suspicious activity. This antivirus software runs in the background until it needs to tell you about something.

Tips to remain safe online

• Back up your important information. Do it at least weekly in case something happens to your laptop, smartphone or tablet. Use free cloud services and local backup, such as a USB flash drive or external hard drive.

• Use strong passwords. Make them at least seven characters long with a combination of letters, numbers and symbols, and mix upper and lower case. Some experts say it's just as effective to use a “passphrase,” such as a line from a song. “Urh3artbeat!” is a modified version of the phrase “your heartbeat” from Taylor Swift's “Cardigan."

• Opt for two-step authentication when possible. Not only do you need your password to sign in but also a one-time code sent to your mobile phone to confirm you're the one trying to log in.

• Download the latest free software updates for your laptop, phone and tablet operating systems if the devices aren't set up to do so automatically.

Most applications will perform routine scans of your computer or mobile device and will update with the latest protection against threats such as malware. (Look for software that will work on your laptop, smartphone and tablet, and lean toward apps with an ability to monitor what you download from app stores and webcam intrusion detection.)

Mac users are not immune to attacks. You also need good security software.

Remain suspicious or go private

While this sounds like a no-brainer, always assume that someone else might see what you do on a public network. So use free Wi-Fi for reading news or streaming music but be wary of tasks like banking, online shopping or reading private email. Don't go to a site where you have to type your username and password.

If you must perform these activities that access personal information, wait until you get home on your own private Wi-Fi network. If you really need to make a transaction, use your own smartphone as a personal hot spot for things like email and banking, but be aware that it will use up data that often has a cap on monthly smartphone plans.

If all else fails and it's important that you, say, buy something online, at the very least look for a secured connection in a web browser, such as a little padlock or the letters “https” in the URL window instead of “http.” The extra “s” stands for secure and means a webpage uses technology called Secure Sockets Layer encryption to encode the information transmitted between the page and your browser.

That way, the data can't be read if a hacker does manage to intercept it. And sometimes not all pages on a website have https in the URL, so make sure to look for that on every page clicked.

Test it out on the page you're reading now. Note that https is at the start of the web address. Note the locked padlock before the https. If you want to explore further, many browsers allow you to double-click on that padlock to see details.

On a mobile app, you can't see a web address, so you don't know whether you're accessing a secure site. Avoid using apps for sensitive transactions while on unsecured public Wi-Fi, but if you have to check on something, switch to your mobile web browser to do what you need to do. That way, you can make certain you're seeing an https in the URL.

Use a virtual private network

virtual private network (VPN) provides a safer way to use the internet because it conceals your online identity. Instead of surfing the internet openly while using a hotel's free Wi-Fi network, VPN software uses encryption technology to ensure that your surfing session is done anonymously, so you're protected from those who want to know what you're doing online. A VPN changes your computer's internet address, also known as an IP address, to hide your real location.

Betternet VPN and Hotspot Shield are free VPNs that work. Other options have a relatively inexpensive monthly or annual fee, such as ExpressVPN, which costs $12.95 a month discounted if you commit to 12 months.

Marc Saltzman has been a freelance technology journalist for 25 years. His podcast, Tech It Out, aims to break down geek speak into street speak.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?