Recently I was at a concert with friends, that had free wif-fi hotspot available. The only requirement for connecting to the wi-fi hotspot was to use a password that was made publicly available. My friends thought "what's the point of requiring a password if everyone knows it".
I thought….who ever is responsible for running the event must be pretty smart.
Sure, at first you may think a password that is made public is no more secure than just connecting to an open hotspot with out a password. In reality, you are less secure with out the password requirement. In fact, you're more at risk of having your Facebook or Twitter passwords stolen while using the open hot spot that does not have a password.
When you connect to wi-fi hot spots with a password, it is using WPA2 security which encrypts the communication between your device and the hotspot. While using hotspots with out a password, the communication is not encrypted, which allows anyone to see all traffic on the network in the clear when using a sniffer.
With WPA2 security, even though everybody uses the same password, each device (your phone, tablet, computer, etc…) connected to the hotspot uses a different encryption key, preventing sniffers from viewing the communications from being seen unencrypted, and stealing your passwords. Additionally, the added automatic functionality of using different keys for each connected device is more secure on a public network, and causes headaches for someone with malicious intent.
This is the reason why WEP encryption is less secure compared to WPA2. With WEP, each connected device uses the same encryption key, which makes the hotspot less secure even with encryption (WEP also uses a weak encryption algorithm). If one device encryption key is hacked, the hacker can then break the encryption of all connected devices, since the same key is used.
For me, when it comes to connecting to open wi-fi hotspots that do not use passwords, I don't use them. There is just too much risk and uncertainty of who could be lurking on the network. The only safe way to trust an open wi-fi hotspot is to use a VPN connection. Something you may want to also consider even when using a hotspot with WPA2 encryption.
One more item to keep in mind with free wi-fi, specifically like the one that hotels or some public places provide. Don't be fooled into thinking the login page that is displayed after you connected is WPA2 encryption. It has nothing to do with it, and is just the hotel or public place terms of service for using their network. Remember, the login page can only be displayed after you connected to the network, otherwise if you don't connect you will never see the page and access the Internet.
An example business wifi login page may look like this
Sometimes, it makes you wonder if public places really care about your security. All they need to do is create a simple password, that can be the name of the business. Because, for a public hotspot, they should not be worried about anyone finding out the password, and more about providing a secure network.