Seeking Wi-Fi Security

Wireless networks are more prone to spying than wired ones, but it helps to know if your more sensitive transactions are over secure servers

Jim Dodson asks: We have retired and spend several months a year on the road in our motor home. We can get Wi-Fi in most RV Parks, but it is not generally secure. I'd like to know if there are any public secure wireless networks that I can use for online banking or credit card transactions on the road? Have you written any columns on this subject or is there any reference material that I can read about this subject?

Wireless networks are necessarily less secure than wired ones, if only because snooping on a wired network requires physical access to the cables, while anyone with the right radio can listen in on a wireless connection. The designers of Wi-Fi made things worse with a badly flawed security protocol, misnamed Wired Equivalent Privacy (WEP), that fails to prevent anyone with the right software tools from listening in on network traffic using an ordinary computer.

A newer security protocol called Wi-Fi Protected Access (WPA) provides much better security, but is not yet widely used for public hotspots—which typically rely on WEP or are completely open. This means someone could snoop on your network activities, though watching what you are doing in detail would require a lot of work. The real danger is that it's fairly easy to snatch usernames and passwords sent on open networks.

Recognizing a Secure Server

That doesn't mean that using these networks for confidential transactions is completely hopeless. A secure Web server—which I hope is what your bank, for example, uses—encrypts traffic from end to end, so anyone who intercepts it will only see gibberish. The address of a secure sever will begin with "https://" (instead of "http://") and you should be able to see this in your Web browser's address bar. If you are using the Mozilla Firefox browser, the address bar will turn yellow if you have a secure connection. You should always use the latest version of your browser (Internet Explorer 7 or Firefox 2) and make sure you have installed the latest updates.

Although e-mail messages can be encrypted, they generally aren't, whether you are on a wired or wireless network. Think of them as postcards: People aren't supposed to read them in transit, but since they can, you have to assume some people may. Unless you know you have a secure, end-to-end connection, e-mail should never be used to send any information that you expect to remain confidential.

The Wi-Fi Alliance Web site has a good discussion of security.

Before it's here, it's on the Bloomberg Terminal.