VPN doesn’t make open WiFi completely secure

Public WiFi access points (APs) are extremely convenient. They’re also not very secure. Most WiFi APs are configured to use encryption, which is why you need a password to access them. Most also use strong encryption, in the form of WPA2. That sounds good, but if you’re at all concerned about security, it’s not enough.

Even with strong WiFi encryption, anyone who has the WiFi password and is within range of an AP is sharing the network with everyone else using that AP. That means they can use network sniffing tools to see all the traffic on that network. If you sign in to any web-based service (such as web mail, or your bank site), and that service doesn’t also provide encryption, your username and password can be obtained very easily.

Savvy public WiFi users know this, and use VPN (Virtual Private Network) software to further encrypt their network communications. VPN adds a layer of encryption that is dedicated to your computer and makes your communication indecipherable, even to the hacker at the next table.

Unfortunately, even with VPN software, your communications on a public WiFi network are vulnerable. That’s because – in a typical (i.e. default) setup – there’s a delay after you connect to the AP and before the VPN kicks in. During this delay, you are exposed.

To be truly secure, even with a VPN, you need to apply limitations on what your computer can do over public WiFi – especially what it can do during periods when the VPN is not yet active. Unfortunately, this can get complicated. The guides linked below should help.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.