To password or not to password, that is the question.
The short answer is absolutely yes!
Using WPA2/3 with a password — even a publicly visible one — adds significant levels of security beyond traditional open Wi-Fi hotspots, even if everybody in the room knows the password.
Become a Patron of Ask Leo! and go ad-free!
Visible Wi-Fi passwords
Using WPA2/3 with a publicly available password provides significantly better security than an open Wi-Fi hotspot. Each connection is encrypted separately, preventing eavesdropping. Even if the password is widely known, it still adds significant security compared to open networks.
No password
When you’ve got an open Wi-Fi hotspot — meaning you do not need to provide a password to Windows or your mobile device in order to connect — all the information transmitted by each of the computers connected to that hotspot is transmitted in the clear.
In other words, anyone within range can eavesdrop on the conversation.
That puts the onus of security on each individual user. That’s not necessarily a good assumption.
Using WPA2
WPA2 (or WPA3) has an interesting characteristic. Even though the password you use is the same for everybody, each individual connection between a computer and a hotspot uses a different, private, encryption key.
What that means is that while multiple computers are connected to the same hotspot, they cannot eavesdrop on one another. Each connection is encrypted separately and privately. It’s a very good design point for WPA.
The public password
I wish that every open Wi-Fi hotspot in the world would switch to this model. In other words, I wish that at Starbucks there was a board on the wall that said, “Today’s Wi-Fi password is…”. You would need to enter that password to connect to the hotspot. It is a minor inconvenience for a significant level of additional security.
Unfortunately, Starbucks and all the other open Wi-Fi hotspot providers in the world know that using WPA would give them customer service issues, and the baristas will not be prepared when someone asks for help.
There is hope. In the years since I posted this article originally, I have run across more and more hotspots that do exactly as I suggest: there’s a password somewhere.
It is much more secure to have a WPA2 connection with a publicly posted password than to have a completely open Wi-Fi hotspot.
Do this
Use your Wi-Fi hotspots carefully. You are allowing someone else to be your ISP, and with that comes more than just the characteristics of the hotspot. However, a publicly posted password is a good sign.
While you’re connected, subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Some of the worst offenders are airports. They all have open WiFi with no password. It would be easy for them to implement a password and post it on the interstitial pages. All a hacker needs to do is get an inexpensive ticket and probe the different connections. Always use a VPN at an airport or any place that has an unencrypted connection.