When you venture out into public spaces—like coffee shops, airports, and hotels—you are sharing more than just elbow room. Connecting your devices to a public Wi-Fi spot, the same one possibly hundreds of other people are using, could put your personal information at risk. Take the following precautions so you can enjoy the convenience of public Wi-Fi networks safely.
Turn off automatic connectivity
Most smartphones, laptops, tablets, and other internet-enabled devices have automatic connectivity settings, which allow you to connect effortlessly from one hotspot to the next. Unfortunately, this convenience comes at the cost of your security; it often connects your device to networks you would not otherwise use. Maintain control over which networks you join by keeping these settings turned off—especially when heading to unfamiliar places.
Turn off Bluetooth connectivity
Bluetooth connectivity allows various devices to communicate with each other. At home, that’s great for managing and connecting a variety of smart devices, like speakers, thermostats, lights, security systems, and so on. However, leaving Bluetooth on in public places can pose risks to your online security. A hacker may look for open signals and gain access to your device, so keep this function off when you leave a private Wi-Fi network like your home or office.
Connect to secure networks when possible
Many Wi-Fi hotspots don’t encrypt the information you send over the internet. If a network doesn’t require a password, it’s probably not secure. Usually the network will provide information at login about whether it is WPA (for Wi-Fi Protected Access) or WPA2 protected.
If you’re unable to connect to a secured network, at least make sure the connection requires a login or registration of some kind.
Use secure sites
A secure website will begin with “https” rather than “http.” The “s” stands for “secure,” and basically ensures that your information is encrypted so that it can be transmitted safely. Reputable merchants and online banks will always use this type of encryption on their sites. Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable, so look for “https” on every page you visit.
Take time to sign out and log off
Particularly if you’re in a hurry, it can be easy to remain signed in to your account or a public network unintentionally. But regardless of whether your car is done or your flight is boarding, if you’ve been using public Wi-Fi, take the time to sign out of whatever site you were on. Don’t agree to stay permanently signed in to any account, log off of the Wi-Fi network, and remember to close the browser.
Keep track of your devices
Don’t leave your laptop, tablet, or smartphone unattended in a public place. Besides the fact that you don’t want to be out the cost of replacement, keeping your devices secure helps you keep your personal information secure. After all, working on a secure network won’t stop someone from taking your property or sneaking a peek at your device over your shoulder.
Likewise, be aware of who is behind and around you when you’re shopping or working on your laptop. Something as simple as entering your credit card details or a PIN number in view of a would-be thief can end up compromising your personal information.
Consider using a VPN
If you regularly access online accounts through Wi-Fi hotspots, consider using a VPN (for virtual private network). VPNs encrypt the data sent between your computer and the internet, even on unsecured networks. You can purchase a personal VPN account from a VPN service provider. Some employers create VPNs to provide secure, remote access for their employees. Moreover, VPN options are available for mobile devices that encrypt information you send through mobile apps.
Last Edited: December 4, 2017
Comment on this article
Comments
Paul F. on September 27, 2020 at 5:30pm
Why does Ally block VPNs, and suggest you use them?
S. K. on October 26, 2020 at 1:16pm
Funny - this author along with most security-minded people use VPNs while on dubious WiFi networks but at the same time Ally is known for blocking users' use of a VPN when attempting to access their web site and apps. The inference I make from this policy is "users should use a VPN, but user safety comes second to ours when accessing Ally domains." Ally could very easily come up with a security model that honors their security needs along with those of their customers. Many other sites do it. (TOTP, Yubikey, etc etc)
Rich A. on November 21, 2020 at 1:02am
I'm very frustrated that I switched to Ally Bank and now as I'm learning how to improve my online security by using a VPN, which Ally recommends, is blocking me from accessing while using a VPN and does not even have something in place to accommodate or use an alternate method.
Hypocritical A. on January 14, 2021 at 7:08pm
"Consider using a VPN" I had to disconnect from my VPN just to view this article. If Ally has since changed their tune regarding VPNs, at least have the decency to take down or modify this article.
Tre R. on January 21, 2021 at 8:45am
I noticed ally.com blocks my VPN. HTF are they doing that? As others mentioned, what a dick move. You suggest VPN and then you block it. So if we're overseas and need to access our account, we can't now...
Jason P. on February 23, 2021 at 3:24pm
It appears that it's not possible to log in to ally.com while my VPN is on. Is that intentional? I agree that it's safer to connect using a reputable VPN.
Kyle a. on August 5, 2021 at 4:54am
You state users should use a VPN when accessing our accounts over public WiFi but your ally mobile app does not work with a VPN.
JW on August 12, 2021 at 10:34am
I am shocked an online bank does not allow Yubikeys for one of its two form factor authentication choices, the authentication load uses such a tiny amount of resources, its fast and simple for the web team to implement. Ally invest does not even offer it yet. Its hard to believe it is so simple but too much trouble for Ally to be bothered with. You can use them when combining with an authenticator like Google but that takes away from its simplicity and involves another 3rd party or link in the chain.