Public Wi-Fi is Unsecure, Just Like the US Mail

We keep telling people that it’s OK to use public Wi-Fi hotspots to do your banking online, but are we fighting a losing battle?  People hear that a Public Wi-Fi Hotspot is not secure, so they won’t use it … period.  We say, it’s true – a Public Wi-Fi Hotspot is not secure.  So what?  Neither is the US Mail, yet you trust it with very important and private information.  Thinking that the Internet connection provides your security is like thinking that an on-ramp to the Interstate can ensure your safety while driving to your destination.  It’s nonsense.

Secure = Encrypted

mailman

 

The first problem is that people hear the term ‘Unsecure’ and they go no further.  People think that Unsecure is Bad, therefore Secure must be good.  I challenge you to think this through.  That word, ‘secure’ in the context of Wi-Fi hotspots means ‘encrypted.’ If a Wi-Fi hotspot has the Encryption setting turned on, it means that all data traffic within the hotspot has been converted to code. It can’t be read by humans. But, the Wi-Fi hotspot security setting is not the only way for your data transmissions to get encrypted.

Using HTTPS

When you send a postcard thru the mail, you know that hundreds of eyes will have the ability to read it as it gets processed thru to its final destination.  It is an unsecure system.  So, if you don’t want your words to be visible, you put it in an envelope before mailing it.  The same is true of public, unsecured Wi-Fi.  Whatever data you send thru that Wi-Fi hotspot is readable to someone with ‘sniffing’ tools who is connected to the same hotspot.

Your bank is aware of this possibility so, their website provides you with the ‘envelope’ which encloses your data to and from the bank.  When you visit your bank’s website, you should see the httpS: at the beginning of the address and probably a green lock icon.  The ‘s’ stands for Secure and it means that anything you type or transmit is encrypted (turned into unreadable code) from your computer, thru the local Wi-Fi hotspot, thru dozens of hops along the wide area Internet, to your bank, and back.  The bank’s website provides this envelope of security regardless of how you are connecting to the Internet.  If there were some bad guys sniffing the airways in the same unsecured hotspot where you’re connecting, they would be able to see your transmissions, but it would be unreadable code.  Gobbledygook.  Secure.

https_thumb9

Banks and shopping sites will obviously provide this security, but many other websites do so as well.  Gmail provides the option to use HTTPS for all your email sent and received.  Facebook also offers the HTTPS connection in your account security settings.  So, when you’re connected to an Unsecure Internet connection, pay attention to the HTTPS – if it’s not there, don’t type or send anything you don’t want seen.  Think of it like writing on postcards.

Even if you are connected to a secure, wired network for your initial Internet connection, realize that your data makes many stops and turns along the way.  At each stop, it is possible that there are ‘bad guys’ working there who could copy your data.  But if it was in the encrypted ‘envelope’ your data is still safe from their prying eyes.  I hope you’re seeing how HTTPS is the real security for your data – not the method of connecting to the Internet.  And, it requires nothing of you other than to pay attention.   If the address starts with (httpS), and it’s the correct address (not a spoof) – all is OK.  If not, limit your actions and words to not reveal anything private.

gmailhttps_thumb1facebookhttps_thumb6

You Can’t Afford Not to do your Banking Online

At the start of this article I mentioned how we have been fighting a losing battle in trying to get people to do their banking online even from a public Wi-Fi hotspot.  People will still say, “I just don’t like the idea that the Wi-Fi is unsecured.  I can’t afford to take the chance that my bank transaction is not secured.”   We say you can’t afford NOT to do your banking online with whatever connection you have available.  Credit card fraud is a common occurrence, but you’re fully protected by most banks as long as you catch it in time.  So, log in to your bank account and check it.  You’ll be in much better shape if you discover fraud within one week than if you wait till you get home and read your monthly paper statement.

One time when I logged on I discovered that our card had been charged twice at the gas pump the day before.  Sometimes we do have to pump twice to fill our motorhome’s diesel tank, and sometimes it is even the same amount both times.  But, since I saw the transaction the next day, I remembered that we only pumped once this time.  I was able to call the truck stop in question and they reversed the charge.

Let’s take the inflammatory word ‘unsecure’ out of it and instead use the more accurate word, unencrypted.  Now, let’s repeat the statement above, “I just don’t like the idea that the Wi-Fi is unencrypted.  I can’t afford to take the chance that my bank transaction is not encrypted.  Aha!  But your bank transaction IS encrypted, right?  It is if you are using your bank’s HTTPS website.

Securing your Computer is Your Job

An even worse consequence of believing the scary messages about Unsecured Wi-Fi being unsafe, is that you’ll believe that any secured Wi-Fi IS safe. Safety is not the function of your Internet connection.  That’s like saying that it’s the highway’s job to protects you from danger as you drive.  No – it’s your job.  On the highway you’re only safe if you are an alert, careful driver and your vehicle is properly maintained.  The same is true of computers.  It’s up to you to be informed and not fall for scams, and it’s up to you to keep your computer properly protected and maintained.  What we mean by ‘Properly Protected and Maintained’ will be the subject of an upcoming article: You secure your computer.

We have other articles and videos on this topic, and there will be more.  Better yet, register for our Techno-Geek Learning Rally December 2-8 in Bushnell, Florida and you’ll get lots of lessons, even small group, hands-on lessons on computer security.

6 replies on “Public Wi-Fi is Unsecure, Just Like the US Mail”

  1. I have read so many articles or reviews regarding the blogger
    lovers however this post is truly a nice post, keep it up.

  2. The data that is transmitted to the Banks is secure. If you setting are not set correctly on your computer someone can get the personal information off your computer. Or leave a virus on your computer.

    • Yes, that’s true. But it’s true of both an unsecured (unencrypted) Wi-Fi hotspot and a Secured (encrypted) one. It is the user’s responsibility to protect their computer by not sharing. The easiest way is simply to specify ‘Public’ in Windows 7 or Vista as the type of network/hotspot. I will cover that in the next article on this topic. I originally had it in this article, but decided to shorten it and cover only one point at a time.

  3. Thank you, Chris! This post answered so many questions that I’ve had for quite a while. Hopefully, this article will help me to convince my husband that we really should be using online banking.

Comments are closed.