Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Does a Login Page on an Open Wi-Fi Hotspot Mean it’s a Secure Connection?

//
Many hotels, airports, and other places with an open Wi-Fi hotspot display a page that I need to log in to or accept terms on before I can connect to the internet. Does that mean it’s a secure connection?

No. Absolutely not.

This is a critically important distinction to make, and it’s one I’m afraid many people misunderstand.

Become a Patron of Ask Leo! and go ad-free!

Wi-Fi security

Wi-Fi security, or lack thereof, exists in the wireless connection between your laptop and the Wi-Fi access point.

In an open Wi-Fi hotspot, it is not secure, period. It doesn’t matter what happens after connecting.

Wireless Connection

The Rule: if you didn’t have to enter a password in Windows or on your device simply to connect to the network, you are not on a secure network.

Enter an Open Wi-Fi Password

If you can see a login or Terms of Service page – and by that, I mean any page in your browser with pictures and text asking you to log in or confirm acceptance of some terms of service – then you have already connected to the network. It’s the network that’s displaying that page.

You’ve connected to the network, and probably the router; it’s just not letting you get any further until you log in or accept.

If you can connect without a password on your Wi-Fi connection and you can see anything in your browser — even that login page — then it’s an open Wi-Fi hotspot, and it is not secure.

It doesn’t protect you; it protects them

If the connection isn’t secure, what’s that “interstitial”1 login or “terms of service” thing all about?

It has nothing to do with technology and nothing to do with security. It’s all about liability.

Technically, it’s called a “captive portal”, as it “captures” your connection and forces you to read and respond to that intermediate page before you’re allowed further.

Take a close read of the words on that login page. Chances are, all you’re doing is agreeing to the terms of service. The wording and specifics will vary, of course, but in general, by clicking on “I Agree” (or whatever the button may say), you are stating that you:

  • Won’t download porn
  • Won’t use it for anything illegal, like downloading copyrighted material such as movies
  • Won’t use it to stream “too much” information, flood the network, or adversely impact other network users
  • Won’t use it … well, in whatever ways the network provider doesn’t want you to use it

Now, obviously, they can’t prevent you from doing that kind of stuff. But it does allow them to kick you off and potentially even prosecute you if you don’t follow the terms of service you agreed to.

So, they force you to agree to those terms of service if you want to use their open Wi-Fi hotspot.

That’s all it is. It doesn’t protect you at all. It protects them.

Protecting yourself

So, if this login or accept-the-terms page has nothing to do with your security, how do you protect yourself?

Simple. Take all of the usual steps to use an open Wi-Fi hotspot safely.

Or, as I often do, don’t use the open Wi-Fi hotspot at all. Instead, provide your own, more secure alternative.2

Podcast audio

Play

Footnotes & references

1: An interstitial is a term commonly used to refer to the page displayed before the page you want when you click on a link. Most commonly it’s an advertisement, but the term applies to these situations as well. You try to go to askleo.com and you’re presented with the hotel/coffee shop “interstitial” page that requires you to accept terms to proceed.

2: I typically use a device that connects me to my mobile phone provider’s data plan. It can provide a hotspot. That hotspot uses WPA2 to secure the connection, which requires an actual password before you can connect and see anything.

11 comments on “Does a Login Page on an Open Wi-Fi Hotspot Mean it’s a Secure Connection?”

  1. Hi,
    I think TrueCrypt is gone now. There are many alternatives.
    I use SafeHouse Explorer. I also never have certain info on my laptop when I travel, encrypted or not.
    Customs and TSA, and their counterparts in other countries may ask you to open encrypted volumes for them, and if you don’t, they can and will confiscate the equipment. Further, if they suspect you of wrongdoing, you could end up in situations you won’t want to experience.

  2. So would the connection be any more secure if the connection password was visible for everyone to see?

    In a venue quite local to me, they have a wifi access, but the access key is printed on a sheet of paper and hung up for everyone to see. Meaning anyone in the room could connect to it.

    Is that connection any more secure than if it had been completely ‘open’?

    • When you log in to the network with a password, the communication between the devices and the router are encrypted. You still wouldn’t be able simply sniff the data transmitted between the devices and the router. A hacker who understands how the packets are encrypted and decrypted might be able to use the password to decode the sniffed data, but that’s probably a rare scenario.

      • Actually that’s not true. With WPA2 the encryption key that’s actually used is unique to each connection, as I understand it. So with a WPA2 connection you still don’t run the risk of wireless packet sniffing.

    • IF (and only if) that’s the password you need to specify to Windows to establish the Wi-Fi connection, then yes. You are NOT using an “open” Wi-Fi, it’s actually protected by WPA2 and your data cannot be sniffed.

      Ont the other hand, if you can connect to the hotspot, and it brings up some kind of web page into which you must type that password, then NO, it’s still an “open” wifi hotspot.

      • Thank you, Leo. I appreciate the info. A few years ago, I set up my friend’s restaurant router so that her access was password protected, while her customers did not need a password.

        Based on what you say, I will suggest to her that we do the following:

        1) Leave her network with her password (for her peace of mind)
        2) Add a simple password for the customer network name, such as the owner’s first name.
        3) Add a third network named: “MR Password = owner first name” or similar hint.

        That way, even though it’s probably safe to let people use the main ID, she can feel safer, but meanwhile, the customers will definitely be safer. Thanks, again.

        John

  3. Thank you Mark!

    I had steered away from connecting to it, ‘just incase’, but will consider it as somewhat more secure than any completely open options.

    Answers it perfectly! Thanks again.

    Thomas.

  4. Is there a device that I could get that would connect to the open WiFi network but create a second network that is protected.

    My smartphones are both on plans that are severely data limited (one is 1 gig per month, the other is 200-300 meg per month) so I’d rather use such a device that would create a secure way to use a public network.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Typically that's off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.