Is it safe to login to a ISP's free Wifi hotspot with your username and password ?

E

Eddie Morra

Could you elaborate a bit more on what you mean?

I think you're referring to the logins where you connect to a free hotspot and then need to sign into your subscription account to remove the restriction of the free WiFi to only the login page. If that is what you're thinking of, then my answer is going to be an assuming yes, because it would be unacceptable and ridiculous if this wasn't the case.

I am pretty sure that most good ISPs that have a system like this will be leveraging HTTPS on the sign in page as well, which means your credentials won't be leaked if someone else is on the same hotspot but sniffing the network. However, if HTTPS isn't being used, then personally I wouldn't sign in on it using a public hotspot.

If you're talking about signing into accounts in general whilst using a public and free hotspot, then be careful because if the network is open for other people to connect onto, they could theoretically sniff the network (e.g. networking tools like Wireshark) and find out sensitive data such as credentials for accounts. This is only the case for HTTP though. HTTPS traffic is encrypted, so for HTTPS encrypted services, the data the attacker on the network will get won't assist them with stealing credentials.

Wait for a second opinion because I am far from a networking expert - I do not even scratch the surface in that regard - and thus may be wrong.
 
  • Like
Reactions: Weebarra, oldschool and ng4ever
N

ng4ever

Level 17
Thread author
Verified
Feb 11, 2016
800
Vendula Kubová said:
Could you elaborate a bit more on what you mean?

I think you're referring to the logins where you connect to a free hotspot and then need to sign into your subscription account to remove the restriction of the free WiFi to only the login page. If that is what you're thinking of, then my answer is going to be an assuming yes, because it would be unacceptable and ridiculous if this wasn't the case.

I am pretty sure that most good ISPs that have a system like this will be leveraging HTTPS on the sign in page as well, which means your credentials won't be leaked if someone else is on the same hotspot but sniffing the network. However, if HTTPS isn't being used, then personally I wouldn't sign in on it using a public hotspot.

If you're talking about signing into accounts in general whilst using a public and free hotspot, then be careful because if the network is open for other people to connect onto, they could theoretically sniff the network (e.g. networking tools like Wireshark) and find out sensitive data such as credentials for accounts. This is only the case for HTTP though. HTTPS traffic is encrypted, so for HTTPS encrypted services, the data the attacker on the network will get won't assist them with stealing credentials.

Wait for a second opinion because I am far from a networking expert - I do not even scratch the surface in that regard - and thus may be wrong.
Click to expand...

Thank you all makes sense.

Yes that is what I mean connecting to a free hotspot that need my sign in information from one of my ISP's email accounts.
 
  • Like
Reactions: Weebarra and Eddie Morra
E

Eddie Morra

ng4ever said:
Thank you all makes sense.

Yes that is what I mean connecting to a free hotspot that need my sign in information from one of my ISP's email accounts.
Click to expand...
On the bright side, you could always regularly change your passwords for your accounts after using a public hotspot if you were concerned. Quick and easy.
 
  • Like
Reactions: oldschool and ng4ever
Janl1992l

Janl1992l

Level 14
Verified
Well-known
Feb 14, 2016
648
i always use a vpn(airvpn) for public hotspots. Never ever i would leave my connection "open" on a public hotspot with so many peoples using it. So i dont need to care about username/pw or other sensible stuff im using while use the hotspot.
 
  • Like
Reactions: Weebarra and oldschool
E

Eddie Morra

Janl1992l said:
So i dont need to care about username/pw or other sensible stuff im using while use the hotspot.
Click to expand...
Note that if you have to sign into the network after connecting for the limitation to drop (some ISPs will do this but its a case-by-case basis) the VPN isn't going to kick in until post-sign in because the WiFi will be limited to only the sign in page until after authentication with a valid subscription.

I agree though, a VPN can be handy when using a public hotspot. Also, make sure to configure your firewall properly for the public hotspot.

I know that some people who use a public hotspot from their Windows devices for example... forget to switch it from private to public for the current connected-to network!
 
  • Like
Reactions: Daviworld, Weebarra, ng4ever and 1 other person
codswollip

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
ng4ever said:
Not any of your accounts you actually use.
Click to expand...

Sniffing is one thing, but "man in the middle" is another. I have this issue with Spectrum hotspots. How do I know with confidence, I'm connected with Spectrum. Well, I don't.

So my half-baked solution is to set up a "disposable" email account w/Spectrum (I'm allowed 10) and use that to access Spectrum hotspots only. Periodically I delete that account and then create a new "disposable" account.
 
  • Like
Reactions: Weebarra and ng4ever
N

ng4ever

Level 17
Thread author
Verified
Feb 11, 2016
800
Telos said:
Sniffing is one thing, but "man in the middle" is another. I have this issue with Spectrum hotspots. How do I know with confidence, I'm connected with Spectrum. Well, I don't.

So my half-baked solution is to set up a "disposable" email account w/Spectrum (I'm allowed 10) and use that to access Spectrum hotspots only. Periodically I delete that account and then create a new "disposable" account.
Click to expand...

Bingo!
 
  • Like
Reactions: codswollip and Weebarra
codswollip

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Local Host said:
Use the Public Network Setting on Windows, you'll be generally safe.

You can always use a VPN to extend that.
Click to expand...
How do these protect against a man-in-the-middle attack where a rogue AP posing as your ISP accepts your login/password credentials when you "log in" for wifi.
 
L

Local Host

Telos said:
How do these protect against a man-in-the-middle attack where a rogue AP posing as your ISP accepts your login/password credentials when you "log in" for wifi.
Click to expand...
The question is why are you worried about MITM attacks, ever heard of HTTPS and SSL? You don't need to do anything on your end, besides having common sense.
 
codswollip

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Local Host said:
The question is why are you worried about MITM attacks, ever heard of HTTPS and SSL? You don't need to do anything on your end, besides having common sense.
Click to expand...
So... HTTPS and SSL prevent MITM attacks. Thanks for that enlightenment :unsure:
 
5

509322

Telos said:
So... HTTPS and SSL prevent MITM attacks. Thanks for that enlightenment :unsure:
Click to expand...

It isn't 100 %. There are are different means to sniff HTTPS and SSL. However, the likelihood of anyone doing that is low using a rogue AP. It would be more likely that you are MitM'd on your side by malware running on your system. More or less the same way antivirus softs MitM your browser traffic so you can get phishing and other malicious webpage alerts.
 
  • Like
Reactions: harlan4096 and codswollip
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,196
In my country the early days we used to sign in with fictitious username and password when we sign in to the free ISP WiFi.

Nowadays, we need to sign in using our phone number which is tied to your phone when you sign up.

Now, the gov can track us easily
 
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,196
ng4ever said:
I use a VPN too once I am connected.

Is it possible to use a VPN before being connected ?
Click to expand...
Yes you can but not the traditional desktop VPN service.

Get a portable VPN device e.g. Keezel, InvizBox Go etc. It'll connect to the WiFi hotspot first. Once the connection is established you then connect your laptop to the portable VPN device. In short, you start your VPN first before connecting your laptop to the hotspot Wifi

This

1) eliminates any chances of MITM attacks
2) eliminates any window time frame (can be a few seconds to minutes) between the connection of your laptop Wifi and the hotspot before your traditional desktop VPN service kicks in
 
Last edited:
  • Like
Reactions: ng4ever

Similar threads

lokamoka820
    • Like
Hot Take How to Protect Your Windows NTLM Credentials from Zero Day Threats
Replies
1
Views
447
General Security Discussions
Zero Knowledge
Z
R
Serious Discussion How was my "5G on-the-go hotspot" network device hacked?
Replies
18
Views
1,244
General Security Discussions
Victor M
Victor M
H
Serious Discussion Clicked on a Dropbox spoofed email - Want to check I've done all I can to protect myself
Replies
2
Views
608
General Security Discussions
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top