Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Does a Wi-Fi Log-in Page Mean It’s Secure?

//
Many hotels, airports, and other places with an open Wi-Fi hotspot display a page that I need to log in to or accept terms on before I can connect to the internet. Does that mean it’s a secure connection?

Absolutely not.

This is a critically important distinction to make, and it’s one I’m afraid many people misunderstand.

Become a Patron of Ask Leo! and go ad-free!

Wi-Fi security

Wi-Fi security, or lack thereof, exists in the wireless connection between your laptop and the Wi-Fi access point.

An open Wi-Fi hotspot is not secure, period. It doesn’t matter what happens after you connect.

Wireless Connection

The Rule: if you didn’t have to enter a password in Windows or on your device simply to connect to the network, you are not on a secure network.

Entering a Wi-Fi Key

If you  see a log-in or Terms of Service page — and by that, I mean any page in your browser with pictures and text asking you to log in or confirm acceptance of some terms of service — then you have already connected to the network. The network is displaying that page.

You’ve connected to the network and probably the router; it’s just not letting you get any further until you log in or accept terms.

If you can connect without giving Windows a Wi-Fi password, and you can see anything in your web browser — even that log-in page — then it’s an open Wi-Fi hotspot and it is not secure.

It doesn’t protect you; it protects them

If the connection isn’t secure, what’s that log-in page or “terms of service” all about?

What you’re seeing is called an “interstitial” page that has nothing to do with technology and nothing to do with security. It’s about liability.

Technically, it’s called a “captive portal”, as it “captures” your connection and forces you to read and respond to that intermediate page before you’re allowed further.

Take a close read of the words on that log-in page. Chances are, all you’re doing is agreeing to the terms of service. The wording and specifics vary, of course, but in general, by clicking on “I Agree” (or whatever the button says), you are stating that you:

  • Won’t download porn
  • Won’t use it for anything illegal, like downloading copyrighted material (such as movies)
  • Won’t use it to stream “too much” information, flood the network, or adversely impact other network users
  • Won’t use it … well, in whatever ways the network provider doesn’t want you to use it

Obviously, they can’t prevent you from doing that kind of stuff. But it does allow them to kick you off, and potentially even prosecute you, if you don’t follow the terms of service you agreed to.

So they force you to agree to those terms of service if you want to use their open Wi-Fi hotspot.

That’s all it is. It doesn’t protect you at all. It protects them.

Protecting yourself

So, if this log-in or accept-the-terms page has nothing to do with your security, how do you protect yourself?

Simple. Take all of the usual steps to use an open Wi-Fi hotspot safely.

Or, don’t use the open Wi-Fi hotspot at all. Instead, provide your own, more secure alternative.1

Each week I publish several articles like this covering a variety of tech topics and solutions. Subscribe to Confident Computing -- more articles that help you solve problems, stay safe, and increase your confidence with technology, delivered to your inbox once a week.

Hope to see you there soon,

Leo

Podcast audio

Play

Video Narration

Footnotes &amp References

1: I typically use my mobile phone or a device to connect to my mobile phone provider’s data plan. That hotspot uses WPA2 to secure the connection, which requires a password before you can connect and see anything.

Posted: May 16, 2020 in: Wireless Networking
This is an update to an article originally posted October 1, 2012
Shortlink: https://askleo.com/16526
Tagged: , , , , ,
« Previous post:
Next post: »

New Here?

Let me suggest my collection of best and most important articles to get you started.

Of course I strongly recommend you search the site -- there's a ton of information just waiting for you.

Finally, if you just can't find what you're looking for, ask me!

Confident Computing

Confident Computing is the weekly newsletter from Ask Leo!. Each week I give you tools, tips, tricks, answers, and solutions to help you navigate today’s complex world of technology and do so in a way that protects your privacy, your time, and your money, and even help you better connect with the people around you.

The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition

Subscribe for FREE today and claim your copy of The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition. Culled from the articles published on Ask Leo! this FREE downloadable PDF will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.



My Privacy Pledge

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.

16 comments on “Does a Wi-Fi Log-in Page Mean It’s Secure?”

  1. Hi,
    I think TrueCrypt is gone now. There are many alternatives.
    I use SafeHouse Explorer. I also never have certain info on my laptop when I travel, encrypted or not.
    Customs and TSA, and their counterparts in other countries may ask you to open encrypted volumes for them, and if you don’t, they can and will confiscate the equipment. Further, if they suspect you of wrongdoing, you could end up in situations you won’t want to experience.

    Reply
    • If you’re worried about that, there are a couple of ways around that. Keep any sensitive files on a Veracrypt (the replacement for Truecrypt) volume a Boxcryptor folder online but not on your computer. Boxcryptor is probably better because you don”t have to download the whole volume to access one of a few files.
      If you keep a Veracrypt volume on your machine, you can set up a hidden volume so you can give them the password to the innocuous data volume.

      Reply
  2. So would the connection be any more secure if the connection password was visible for everyone to see?

    In a venue quite local to me, they have a wifi access, but the access key is printed on a sheet of paper and hung up for everyone to see. Meaning anyone in the room could connect to it.

    Is that connection any more secure than if it had been completely ‘open’?

    Reply
    • When you log in to the network with a password, the communication between the devices and the router are encrypted. You still wouldn’t be able simply sniff the data transmitted between the devices and the router. A hacker who understands how the packets are encrypted and decrypted might be able to use the password to decode the sniffed data, but that’s probably a rare scenario.

      Reply
      • Actually that’s not true. With WPA2 the encryption key that’s actually used is unique to each connection, as I understand it. So with a WPA2 connection you still don’t run the risk of wireless packet sniffing.

        Reply
    • IF (and only if) that’s the password you need to specify to Windows to establish the Wi-Fi connection, then yes. You are NOT using an “open” Wi-Fi, it’s actually protected by WPA2 and your data cannot be sniffed.

      Ont the other hand, if you can connect to the hotspot, and it brings up some kind of web page into which you must type that password, then NO, it’s still an “open” wifi hotspot.

      Reply
      • Thank you, Leo. I appreciate the info. A few years ago, I set up my friend’s restaurant router so that her access was password protected, while her customers did not need a password.

        Based on what you say, I will suggest to her that we do the following:

        1) Leave her network with her password (for her peace of mind)
        2) Add a simple password for the customer network name, such as the owner’s first name.
        3) Add a third network named: “MR Password = owner first name” or similar hint.

        That way, even though it’s probably safe to let people use the main ID, she can feel safer, but meanwhile, the customers will definitely be safer. Thanks, again.

        John

        Reply
  3. Thank you Mark!

    I had steered away from connecting to it, ‘just incase’, but will consider it as somewhat more secure than any completely open options.

    Answers it perfectly! Thanks again.

    Thomas.

    Reply
  4. Is there a device that I could get that would connect to the open WiFi network but create a second network that is protected.

    My smartphones are both on plans that are severely data limited (one is 1 gig per month, the other is 200-300 meg per month) so I’d rather use such a device that would create a secure way to use a public network.

    Reply
  5. I carry a small travel router that connects between my device(s) and the open WiFi. It uses WPS2. When I get to my room, I set it up a Nam ready to go.

    Reply
  6. Leo:

    [I]n general, by clicking on “I Agree” (or whatever the button says), you are stating that you:

    * Won’t download porn

    * Won’t use it for anything illegal, like downloading copyrighted material (such as movies)

    *’Won’t use it to stream “too much” information, flood the network, or adversely impact other network users

    * Won’t use it … well, in whatever ways the network provider doesn’t want you to use it.

    AND there’s a better than even chance that there’s also boilerplate in there, granting them full permission and authority to monitor and capture every single bit (literally) of information you send or receive over their network, to use that data in any manner whatsoever that they see fit, AND completely and totally absolving them of any and all possible liability for any misuse of that data, intentional or otherwise.

    Personally, I think Faust got the better deal.

    Reply
  7. One thing I notice about “free” wi-fi from some business places is that they want me to enter contact information first before I can get on. Then afterwards I find I’ve just become part of their marketing pool. Guaranteed to get emails or text messages about every new product or service they’re offering.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.