Public Wi-Fi Security: How to Stay Safe on Open Networks

Public Wi-Fi has a scary reputation, and some of it is outdated. Modern web encryption has quietly fixed the worst old risks. But "less dangerous than you heard" is not the same as "perfectly safe," and a few precautions still matter. Here is a clear-eyed guide to staying safe on open networks.

What changed: HTTPS everywhere

The classic fear was that anyone on the same Wi-Fi could read your traffic and snatch passwords out of the air. Today, the vast majority of websites use HTTPS, which encrypts the connection between your device and the site. On an HTTPS site, someone snooping the network sees encrypted gibberish, not your password or messages. Your browser shows when a connection is secure, and modern browsers warn loudly when it is not.

This single change neutralized the most common public-Wi-Fi attack. So the headline is reassuring: on properly encrypted sites, eavesdropping on open Wi-Fi is largely a solved problem.

The risks that remain

It is not all clear, though:

• Fake hotspots. An attacker can set up a network named "Free Airport WiFi" to lure you in, then try to manipulate your traffic or serve fake pages. Connecting to an unknown network is a small leap of faith.
• Phishing and fake login portals. Some attacks show a fake "sign in to use this Wi-Fi" page to harvest credentials. See how to spot a phishing attack.
• Unencrypted connections. A minority of sites and apps still do not encrypt properly; on those, an open network is genuinely risky.
• Shoulder surfing. Low-tech but real: people physically watching your screen and typing in a crowded place.

Practical tips that actually help

1. Make sure sites are HTTPS before entering anything sensitive. Your browser indicates secure connections and warns about insecure ones.
2. Use a VPN on untrusted networks if you handle sensitive work. It encrypts all your traffic, covering apps that might not, and hides activity from the network operator.
3. Turn off auto-join for open networks so your device does not silently connect to look-alike hotspots.
4. Enable two-factor authentication. Even if a credential is somehow captured, 2FA stops it from being enough. See what is two-factor authentication.
5. Be wary of Wi-Fi login portals asking for accounts or payment; verify you are on the legitimate network.
6. Avoid revealing passwords on screen in crowded spaces.

Where your password habits help

Strong security on public Wi-Fi is mostly about good general habits rather than the network itself. Unique passwords mean a single captured credential cannot cascade; 2FA means a captured password is not enough; and a password manager fills credentials only on the genuine site, sidestepping fake portals. On a Mac, Passlock keeps your passwords offline in the Keychain, so nothing about your vault travels over any network, public or private.

The modern reality: public Wi-Fi is far safer than its reputation thanks to HTTPS, but stay alert to fake networks and phishing, use a VPN for sensitive tasks, and keep your accounts behind unique passwords and 2FA.