Good Question

free-wifiMy Facebook friend Jeff Wegge asked:  “Security question Bob. Is the hotspot on my mobile verizon phone any more secure than public Wi-Fi?”

This is a most excellent question! Generally speaking, the mobile hotspot will be more secure for two reasons The first is that only you are likely to be using it, unless you explicitly shared the SSID (network name) and passphrase with someone else. The second reason is that the session is encrypted which prevents eavesdroppers from ever knowing what you are doing with the connection.  The presence of the passphrase, which is also the encryption key, means the session is private.

Coffee shop and public wifi systems usually DO NOT require any kind of passphrase, and so the wireless connection is NOT encrypted. This means that someone with a laptop and network sniffing software like Wireshark could be reading the wireless traffic and harvesting user names, passwords, credit card numbers, and whatever else is going on in the room.

The present or absence of a passphrase determines whether the session is encrypted or not, regardless of location.  My wish for the new year is that public wi-fi providers start providing passphrases so my session can be encrypted.  You could paint the wireless passphrase on the wall, and the session would still be secure.

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.