Is public Wi-Fi safe? What to do and what to avoid

Free Wi-Fi at the café, airport or hotel is one of modern life's small pleasures — and one of its quietly risky habits. The dangers of public Wi-Fi are often exaggerated in scary headlines and underestimated in daily practice. Here is a grounded look at what can really go wrong and the simple steps that make public networks safe to use.

What can actually go wrong

The real risks fall into a few categories:

• Evil-twin networks. An attacker sets up a hotspot named to look official — "Airport_Free_WiFi" — and anyone who connects routes their traffic through the attacker's equipment.
• Traffic interception. On an open network, data that is not encrypted can in principle be observed by others on the same network.
• Malicious captive portals. The "sign in to use Wi-Fi" page can be faked to harvest credentials or push malware.
• Automatic reconnection. Your device may silently rejoin a network with a familiar name, including a malicious one impersonating a network you have used before.

Why it is less dangerous than it used to be

There is good news: the modern web is largely encrypted. The overwhelming majority of websites now use HTTPS, which encrypts traffic between your device and the site even on an open network. Apps similarly encrypt their connections. This means that simple traffic interception yields far less than it once did — an eavesdropper on the same Wi-Fi generally cannot read your encrypted banking session or messages.

What to avoid on public Wi-Fi

Despite encryption, some caution remains wise:

• Do not ignore certificate warnings. If your browser warns that a site's security certificate is invalid, stop — this can indicate interception.
• Avoid installing software or updates over public Wi-Fi, where a malicious portal could tamper with downloads.
• Be cautious with sensitive logins on networks you cannot verify, particularly if anything seems off.
• Do not enter credentials into a captive portal beyond what is strictly required to connect — legitimate Wi-Fi sign-ins do not need your email password.

The practical safety steps

1. Confirm the real network name with staff rather than guessing. Attackers rely on plausible-looking names.
2. Use a VPN if you handle sensitive data on public networks. A reputable VPN encrypts all your traffic, neutralising interception and evil-twin risks.
3. Turn off auto-connect for open networks so your device does not silently rejoin look-alikes.
4. Keep your device updated so known network-based exploits are patched.
5. Disable file sharing when on public networks.
6. Use your mobile hotspot instead for anything truly sensitive — your own cellular connection is far safer than a stranger's Wi-Fi.

The captive-portal trap

Those "agree and connect" pages deserve special caution. A malicious one can mimic a legitimate portal and either harvest whatever you type or attempt to push a download. Never provide more than basic connection details, and if a portal tries to make you install an app or "security certificate" to get online, disconnect — that is not normal.

If you suspect something went wrong

If you used a public network and later notice strange account activity, unexpected logins, or new apps you did not install, act promptly: change passwords from a trusted connection, enable two-factor authentication, and scan any files you downloaded with the scanner. If a link from a captive portal led somewhere suspicious, you can check it with our URL scanner.

Public Wi-Fi does not have to be feared — it has to be used thoughtfully. Verify the network, encrypt your traffic, keep your device current, and save the truly sensitive tasks for a connection you control.

Frequently asked questions