My September, 2009 Montana InBusiness Monthly column
Summer is almost over, and from what I discovered while traveling in recent months, Wi-Fi security is still a relevant topic.
I stayed in a few hotels where no password was needed for the Wi-Fi, allowing anyone to open their laptop and quickly get an Internet connection. And that’s what motel managers wanted, because they don’t want to also act as computer technicians.
But free Wi-Fi also means that other people within range – in the hotel, or the parking lot, or across the street – can easily listen in to your e-mails and see the Web pages you visit.
Everywhere we look – airports, restaurants, coffee houses and stores – advertise free Wi-Fi, so even if you seldom ever leave town with your laptop, chances are good that you use free Wi-Fi.
The reason people can listen (and grab all the private e-mail and Web traffic on the Wi-Fi network with their own easy-to-use software) is because data traveling to and from your laptop is in the open, too. If you use Wi-Fi that requires a password for access, that same password also serves to encrypt the data in order to keep it away from prying eyes.
With public Wi-Fi, you should always assume someone is listening in. But it’s not difficult to be secure.
The first thing to look for is “https” in the address bar of your Web browser. Most Web sites will show “http,” which is not secure, and someone can see what Web sites you read and what information you might enter.
Web sites that are secure – they have a “https” instead of an “http” in the address bar – have built-in encryption security that is safe to use over free Wi-Fi, and your name, address and credit card number, etc., will be safely hidden.
Sites that use “https” include almost every bank, online store and any other Web site that needs security for transactions. Web browsers will also show a “https” connection with the icon of a lock in the address bar or highlight the site name in green.
Just as importantly, you can use the “https” type of secure connection with some e-mail services, to varying degrees; some encrypt only part of your email session, while others will encrypt it all.
If you use Google’s Gmail e-mail service, you can turn on https security all the time by going to your settings in Gmail, then select the “General” tab, and at the bottom of the page tick the box that says “Always use https.” Save and close. Then Gmail will secure all of your data, not just your login and password to your e-mail.
But not all Web e-mail services offer that full https capability. Yahoo Mail and MSN Hotmail transmit your login information over https, but not the text of your e-mails, so you’re only half protected.
More advice is to avoid using e-mail programs like Outlook, Apple Mail or Thunderbird unless you know they have been specifically set up to be secure, since they send e-mail in the “open.”
With free W-fi being available everywhere these days, it’s really your own responsibility to protect yourself, because it’s very easy for others to be listening in. So check to see if you’re using “https” sites for Web browsing and e-mail, and are safe from prying eyes.