Don’t make this mistake yourself
This is a critically important distinction to make, and it’s one I’m afraid many people misunderstand.
Become a Patron of Ask Leo! and go ad-free!
Wi-Fi security happens between your computer and the Wi-Fi access point. Open Wi-Fi hotpots have no security. If you need a password just to connect to the network, it’s likely a secured connection, but your computer can’t tell you for certain. Webpages asking for log-in or acceptance of terms of service have nothing to do with security.
When it comes to “open” Wi-Fi, security (or lack thereof) exists in the wireless connection between your laptop and the Wi-Fi access point.
An open Wi-Fi hotspot is an internet access point which requires no password to connect.
It is not secure, period.
It doesn’t matter what happens after you connect.
The Rule: if you didn’t have to enter a password in Windows or on your device simply to connect to the network, you are not on a secure network.
If you don’t need to tell your device the network security key — often referred to as the Wi-Fi password — and you’ve never connected to that network before, then you’re probably connecting to an open Wi-Fi hotspot. And again, an open Wi-Fi hotspot is not secure, period.
Which is which?
Almost all Wi-Fi enabled devices show you which networks are open and which are secure.
The presence of the padlock means the Wi-Fi network is secure and requires a password or network security key in order to connect. Your connection is encrypted.
The absence of a padlock means the Wi-Fi network is open, and anyone can connect. The connection is not encrypted, and unless you take additional steps, anyone nearby can see what you send and receive.
To add to confusion Windows will for some reason display an exclamation or shield for open Wi-Fi, and nothing for secure. In any case, the word “secure” is present for your connection if it is indeed secure.
The open Wi-Fi login
If the first thing you see in your browser is a log-in or Terms of Service page, you are connected to the network. The network is displaying that page. You’ve connected to the network, and probably the router; it’s just not letting you get any further until you log in or accept those terms.
If you can connect without giving Windows1 a Wi-Fi password, and you can see anything in your web browser — even that log-in page — then it’s an open Wi-Fi hotspot, and it is not secure.
If, for example, the coffee shop tells you a password to use, then:
- If you need to give it to Windows or your device so you can connect at all, that’s a secure connection
- If you need to enter it into a page within your browser, that’s an open connection, and it is not secure.
It doesn’t protect you; it protects them
If the connection isn’t secure, what’s that log-in page or “terms of service” all about?
What you’re seeing is called an “interstitial” page, which has nothing to do with technology and nothing to do with security. It’s about liability.
Technically, it’s called a “captive portal”, as it “captures” your connection and forces you to read and respond to that intermediate page before you’re allowed further.
Take a close read of the words on that log-in page. Chances are, all you’re doing is agreeing to the terms of service. The wording and specifics vary, of course, but in general, by clicking on “I Agree” (or whatever the button says), you are stating that you:
- Won’t download porn.
- Won’t use it for anything illegal, like downloading copyrighted material (such as movies).
- Won’t use it to stream “too much” information, flood the network, or adversely impact other network users.
- Won’t use it … well, in whatever ways the network provider doesn’t want you to use it.
Obviously, they can’t prevent you from doing that kind of stuff. But it does allow them to kick you off, and potentially even prosecute you, if you don’t follow the terms of service you agreed to.
So they force you to agree to those terms of service if you want to use their open Wi-Fi hotspot.
That’s all it is. It doesn’t protect you. It protects them.
So, if this log-in or accept-the-terms page has nothing to do with your security, how do you protect yourself?
Simple. Take all of the usual steps to use an open Wi-Fi hotspot safely.
Or don’t use the open Wi-Fi hotspot at all. Instead, provide your own, more secure alternative.2