Traveling? Beware of Unsecured Hotel Wi-Fi Networks
Nearly every hotel nowadays offers free wi-fi, but a surprising number of them use unsecured wireless networks. Most commonly, the unsecured networks use a captive portal to access the wi-fi network, where a splash screen pops-up in a web browser window before you are granted further access to the network. Often there’s some marginal login requirement, like entering your room number, or email address. Captive portals are different from entering a wi-fi password to join the wireless network, which is necessary when joining a secured network.
But once connected, these networks are usually completely insecure, with no wi-fi security protocol in place at all. This means that any unencrypted data is transmitting openly over the wireless network potentially in plain text format, potentially revealing that data to any nefarious actors or snoopers on the network.
While it may be improbable or unlikely that someone is sniffing around the wireless network for unencrypted data, it’s still wise to proceed with caution when using any unsecured network.
How can you tell if your internet connection is unsecured or secure? The simplest way is to use a Mac, then do the following:
How to Determine if a Wi-Fi Network is Unsecured
The Wi-Fi menu will let you know if you’re on an unsecured network by having a triangle with a ! Exclamation symbol in the dropdown. You can also further confirm this by specifically looking at the security type, or lack thereof:
- Hold down the OPTION key
- Click the Wi-Fi menu bar item while continuing to hold the OPTION key
- Locate the network name you are connected to in the list, then look for “Security”
- If the ‘Security’ says “None”, the network is insecure with no encryption used
As you can see in the screenshot, this is an unsecured wi-fi network, not using any encryption type.
If the wireless network was secured, you’d see something like WPA, WPA2, WPA3, or WEP, rather than ‘None’.
So, let’s assume you’re on an unsecured network, what should you do? Here are some things to keep in mind.
Tips for Behaving on an Unsecured Wi-Fi Network
If you are on a wireless network with no network security, as is common at many hotels, you’ll want to protect yourself as best as you can. Some good advice is:
- Don’t enter any sensitive data into any website that is not HTTPS
- You may want to reconsider doing activities like online banking (online banks use HTTPS but still often better to be safe)
- Consider using a privacy-centric search engine and browser, like Brave
- Beware of unsecured communication methods, like SMS text messages (iMessages are encrypted, as are WhatsApp, Signal, Telegram, and most other messaging platforms)
This is obviously focused on the Mac and using the hidden wireless options within the Wi-Fi menu. If you’re on an iPhone or iPad, it turns out there is not any similar feature available, but you can always look for the lock icon next to the wi-fi signal strength indicator within Wi-Fi Settings, and if that lock icon is absent you can be sure the network is not secured.
If you enjoyed this tip, you may appreciate additional tips about security, where we cover a broad range of security related topics, from messaging to more.
Use a VPN. You should be doing that all the time anyway.
I am curious as to why you didn’t mention using a VPN? Using a browser with a built in VPN, such as Brave, only protects when using that browser. It is my understanding that it doesn’t protect when using other apps, such as Mail. But I’m not very security savvy, so I could be easily missing something here.
Completely pointless article. Any adversary could set up a wireless access point that looks like your hotel and mitm you.
If you are concerned about internet security you need to understand that your ISP or anyone purporting to be your ISP is not a trusted party.
Shouldn’t you mention people using VPNs? That is a big deal.
It’s insane to connect to any unsecured WiFi even for “just browsing”. Many apps run in the background exchanging data with a server and it’s difficult to know what’s going across that connection. It’s trivial for anyone on the same network to see view the network traffic. Don’t use unencrypted WiFi anywhere unless you have a vpn and know how to use it.