We have already covered airport Wi-Fi security in another article, but what about surfing on hotel Wi-Fi on holiday or business? Are there any risks with using wireless internet in hotels for things like banking and email? Does using HTTPS or a VPN help?
In short, as with airports, we do not recommend browsing unsecured on hotel Wi-Fi, as it is not particularly secure as with any public Wi-Fi network. Hotel Wi-Fi is arguably the most insecure type of public Wi-Fi, due to the large number of people accessing it and the lax approach to Wi-Fi security that hotels often take in relaxed tourist destinations.
Here is a quick summary on the safety of using hotel Wi-Fi at different levels of protection:
Using hotel Wi-Fi with no protection whatsoever is not recommended at all unless for the most basic types of browsing (not logging into any accounts or entering sensitive details)
And then regarding the use of HTTPS:
Using hotel Wi-Fi with the green HTTPS padlock is slightly more secure than not having it, but still not recommended as your traffic can still be intercepted by someone experienced in hacking and networking.
And the regarding the use of VPNs:
Using hotel Wi-Fi with a reputable VPN is secure and the recommended approach at all times. A VPN will protect your traffic with very strong encryption protocols that are almost impossible to hack.
Lets look at the issue in more detail below, covering each of these three scenarios in more details, plus some options for VPN providers.
Hotels often have free Wi-Fi access for their visitors in lobbies and rooms, but it often comes with security risks which make a VPN essential for certain browsing (Source- Flickr)
The Dangers of Using Unsecured Hotel Wi-Fi
Hotel Wi-Fi is just another form of public Wi-Fi, and we have covered the dangers of public Wi-Fi in general in another article. In summary it is not considered to be a very safe form of Wi-Fi compared to home networks, because of the large number of people often accessing it and the lack of control the user has in terms of security because someone else is managing and controlling how the network is set up.
For obvious reasons hotel Wi-Fi is often set up with customer service first in mind, with ease of access rather than security the main focus. Hotels want guests to be able to get online as easily and quickly as possible, and the result is often that these networks are not particularly secure or private.
For example it is not uncommon to see Wi-Fi passwords simply pinned up in the lobby of a hotel, meaning anyone who even walks into the lobby can note it down and use it to get on the hotel Wi-Fi network along with all the other guests. It makes it easy to use but it doesn’t make it particularly secure when anyone could just wander in and get the password to the network.
Free Wi-Fi passwords such as this are often displayed openly in hotel lobbies and other public places, making the network easy to access for guests but not very secure
Anyone who has access to the hotel Wi-Fi network and a knowledge of hacking could potentially see what all other users were doing on that same network. This can be a big security risk if people are using the Wi-Fi for personal things like email, banking, online payments and social media.
Any situation where you are entering private passwords and details on an unsecured public Wi-Fi network could leave you open to having this data stolen or your accounts hacked.
For a skilled hacker it is relatively easy to execute a Man in the Middle Attack on unsecured public Wi-Fi, where they position themselves in between sender and receiver and intercept any data that is broadcast over the network.
Does Using the HTTPS Green Padlock Help With Hotel Wi-Fi?
In theory, browsing with the green https “secure” padlock in the top left corner of the browser should make your connection more secure. This padlock basically means that your connection is encrypted, meaning that all data sent over this connection is “scrambled” using algorithms that should in theory make it harder to intercept and hack.
Any site that already has you logging in and/or entering sensitive details should already have this HTTPS green padlock on by default. In this sense some could argue that this should already be enough to keep you protected on a public Wi-Fi network. If all the really big, important sites already use the green padlock, what do we need anything else for, right?
However, in the modern world and for a hacker who knows what they’re doing, it has now been shown to be possible to hack this https protocol.
There are also some dangers specific to hotel Wi-Fi, which we’ll cover in the next section below, that can make it an especially easy target for hackers.
So in summary, we don’t usually recommend just relying on the green https padlock to keep your data secure on hotel Wi-Fi.
Whilst it may be an acceptable form of security on a smaller private home Wi-Fi network, on a large, easily accessible hotel network where there are a large number of total strangers connecting, this is not really enough to keep your personal details safe online.
Here are some very limited circumstances when it may be OK to rely on the green https padlock alone when using hotel Wi-Fi:
- When you are not logging in anywhere or entering personal details (eg. credit card numbers, passwords, name, emails etc)
- Very light topical browsing (eg. checking the weather forecast or sports results)
- Using YouTube or another video site, as long as you are not logging in.
- If at any point you plan on logging in to any site (email, banking, social media, shopping etc), then a VPN is recommended. See the section further below.
The green padlock HTTPS “secure” does provide more security and is usually good enough for a small private Wi-Fi network, but not really for a large public Wi-Fi network like a hotel.
Is There Really a Risk With Hotel Wi-Fi Though?
Some people may think we are over-exaggerating the risks making too big an issue out of it. They may point out that anecdotally they and their friends and family never seem to have had any security issues using public Wi-Fi so what’s the problem?
The reality is that there is a security risk with public Wi-Fi at hotels and other places, and it is something regular travelers should take into consideration even if they have yet to have problems using public Wi-Fi.
Here are some specific reasons why hotel Wi-Fi can be targeted above all others:
1. Size of the Network – Hotels can be very large with sometimes hundreds of guests staying there connecting to the Wi-Fi, so there are a lot of potential targets and a lot of potential personal information to gather from those using that network on a unsecured connection. People entering card details and passwords online on open public Wi-Fi is a cybercriminal’s dream and is basically handing them personal info they can use.
2. Suitable Targets – Secondly, hackers will most definitely target hotels, simply because they are a source of wealthy people with money to steal. The very fact they are in a hotel and on holiday shows they have money to spend and so they are an obvious target for cybercriminals. They will go where the money is.
3. Relaxed Atmosphere & Rules – Thirdly, hotels in tourist destinations are obviously full of people on holiday and therefore there is often a relaxed vibe in these places, evidenced by the Wi-Fi password being stuck up on the wall for anyone to see! People also tend to let their guard down on holiday and may be more relaxed and carefree than they would be in their everyday lives. This is another thing cybercriminals will seek to exploit and take advantage of.
4. Accessibility – Fourthly, hotels in cities especially tend to be terraced in with buildings on each side, with their Wi-Fi signal often being accessible from adjacent buildings. Therefore someone need not even be a guest to access the network; they need simply to get the password from the lobby and be in a building close enough to pick up the Wi-Fi signal to get on the network.
This is not just “pie in the sky” theory but is actually reported to be happening in some cases. See this article for a report on Russian hackers who were reportedly using hotel Wi-Fi to target government and business personnel visiting Europe and the Middle East.
The KRACK attack experiment in 2017 by a group Belgian researchers also showed the security flaws in Wi-Fi.
These people are often after a specific target for personal or political reasons but cybercriminals in general will go where there is an opportunity and see what they can “sniff out”, and hotels are an excellent place to start.
This is why it is important to secure any personal browsing done over hotel Wi-Fi with a VPN, which we will go into in more detail below.
Use a VPN For Secure Browsing on Hotel Wi-Fi
For the reasons we mentioned above, we believe it is essential in today’s world to use a Virtual Private Network or VPN to access the internet on hotel Wi-Fi or any public Wi-Fi network in general, such as at airports, cafes, restaurants, libraries and so on.
This is especially true for any kind of browsing where you are entering passwords to log in somewhere or entering any other personal information like card details.
One could argue that for very basic browsing like weather forecasts and news one does not need a VPN, but in reality most people use the internet for more than that even on holiday. At some point they will log in to email, social media, or banking and so they will ideally need a VPN.
A VPN is a piece of software that creates a strong, secure, encrypted connection to a wireless network, which means that all browsing done on that network and that device is fully secured and private. No one else can see what pages you are visiting or what data you are entering.
VPNs are virtually impossible to hack even for experienced cybercriminals and are an essential safety tool for using any exposed Wi-Fi network such as in hotels.
A VPN creates a virtual tunnel for all your browsing data so it is secure from hackers and snoopers even on public Wi-Fi such as hotels
There are many different VPN services available nowadays with specialized review sites analyzing every single one of them in great detail. However for most everyday users they all do pretty much the same job of creating a secure encrypted connection to whichever Wi-Fi network you are accessing.
The good news nowadays is that there are also a lot of viable 100% free VPN options you can use now to see how they work. Some of them even have unlimited use.
Here’s a selection of good free VPN options to get started with:
| Provider | Free Server Locations | Data Limit | More Info |
|---|---|---|---|
| ProtonVPN | 3 (USA, Amsterdam, Japan) | Unlimited | See here |
| AtlasVPN | 3 (USA East, USA West, Amsterdam) | 5 GB/month | See here |
| TurboVPN | 4 (USA, Germany, Singapore, India). | Unlimited | See here |
| Hide.me | 5 (Netherlands, USA*2, Germany, Canada) | 10 GB/month | See here |
| PrivadoVPN | 10 (USA, UK, Canada, Germany, France, Netherlands, Switzerland, Mexico, Brazil, Argentina) | 10 GB/month | See here |
| Windscribe | 10 (USA, UK, Canada, Hong Kong, France, Germany, Netherlands, Switzerland, Romania, Denmark). | 10 GB/month | See here |
| Tunnelbear | 49 | 500 MB/month | See here |
If you’re wanting a Premium VPN which offers more server locations, 100% unlimited fast servers, plus access to streaming services, then there’s also loads of good options, ranging from $3-8/month in price.
Here are some good ones:
Bottom line – PIA have the best of everything with great value plans plus loads of servers in 80+ countries, but PrivadoVPN also have a great value limited time offer just for our readers.
*If you’re wanting a VPN specifically just for shorter term use (just 1-4 weeks on holiday), see our special guide on this, where we list shorter term VPN plans more suited for vacation use.
For as little as a few dollars per month a paid VPN service can get you securely online on any public Wi-Fi network, including hotels, so you don’t have to worry having logins, card details or other personal data stolen when browsing in public places.
Given that you cannot rely on hotels and other places to fully secure their networks, it is an excellent way to take responsibility for your own online safety by securing your own device.
Signing up for a VPN is usually very easy. You simply visit their site (click on one of our affiliate links above for each provider), sign up, pay your subscription, download their product and boot up the program. Once running you simply select a preferred server location and open the VPN connection. You now have a secure connection that no one else on that Wi-Fi network can see or access.
Is a VPN Really Worth It For Public Wi-Fi?
Some people may question whether a paid VPN service is really worth it for the money, particularly if they don’t travel or use public Wi-Fi a lot. Is it really worth paying somewhere between 3 and 6 dollars a month to get a secure connection when they have never had any problems on public Wi-Fi anyway?
In our opinion, a VPN is definitely worth the money and should be considered a small investment in return for piece of mind and security of their valuable personal information. Obviously the value for money increases the more it is used so they are especially good value for business people and other regular travelers who end up using public Wi-Fi a lot.
Some people may want to take their chances on public Wi-Fi and are not too worried about online security. Similarly people who only very occasionally use public Wi-Fi may opt for a free VPN service. Tunnelbear actually offers a limited free service with a 500 MB monthly allowance. This will work for very light browsing but if you are streaming, downloading or browsing a lot, this will soon run out.
The other problem with free services is that they can be very slow and unreliable. With VPNs you do get what you pay for so a paid plan is usually best and very cheap options are available.
Also it is worth considering all the hassle that is involved in dealing with any kind of identity theft, credit card fraud or hacked accounts. Admittedly it doesn’t happen to the majority of people but the people it does happen to often have a lot of stress and hassle undoing the damage, sometimes on their holiday as well which makes it even worse.
Money that is stolen through financial fraud is often (though not always) returned but it is the hassle involved in cancelling bank cards, getting new ones issued, resetting passwords, proving transactions were fraudulent and so on that people really don’t want to be dealing with, especially when on holiday or the other side of the world.
It is therefore better to consider a VPN as a kind of insurance against this kind of thing happening. By making all connections on public Wi-Fi networks secure, a VPN massively reduces the chance of personal details being stolen online in hotels and other public places. In today’s world they should be an essential tool in online privacy on public networks.
Other Tips For Staying Safe on Hotel Wi-Fi
Here are a few other tips for staying safe online on hotels (and other public Wi-Fi networks in general) as well as using a VPN (some links are affiliate links):
- Turn off file sharing and Air Drop options on Windows
- Use long complex, unique, passwords for each login. If you have a lot of different logins then a password management tool like LastPass can be useful.
- Having up to date antivirus and anti-malware installed always helps. McAfee are an excellent option here – a globally recognized name that has been around for years.
- Use general caution and common sense online – don’t visit suspect sites or click suspect links and don’t open suspicious emails
- See our article on staying secure online for more tips.
- See also our troubleshooting guide if you are struggling to get a VPN to connect over public Wi-Fi.
