Source: Hotel Wi-Fi: Weigh the risk | OnGuard Online

Hotel Wi-Fi: Weigh the risk

February 4, 2015

Carol Kando-Pineda

Counsel, Division of Consumer & Business Education, FTC

When you travel, have you used your hotel’s Wi-Fi – maybe to pay a few bills or catch up on a report you need to read? You may want to think twice before logging in to accounts over hotel Wi-Fi. Hackers are using security vulnerabilities in hotel Wi-Fi to steal people’s passwords and other sensitive information. Here’s how it works: as a hotel guest, you try to get online using their Wi-Fi network and get a pop-up for a software update. But the network has been compromised. When you click to accept the download, you unknowingly load software designed to damage your computer or steal your information.

During your next hotel stay, consider whether you absolutely must share your login info over the Wi-Fi network. Weigh for yourself whether it’s worth the risk. If you decide to use a public network, take precautions:

When using a public Wi-Fi network, log in or send personal information only to websites you know are fully encrypted. Look for https in the web address – the “s” stand for secure. To be safe, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
Some Wi-Fi networks use encryption: WPA2 is the strongest.
If you regularly need to access online accounts through public Wi-Fi networks, you may want to use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. Some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available to encrypt information you send through mobile apps. If you work out of hotels frequently, you may want to obtain your own mobile hotspot, which encrypts traffic between your device and the Internet and uses the cellular network instead of public Wi-Fi.
Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption, if available, on popular websites that don’t normally encrypt.