Good Question

free-wifiMy Facebook friend Jeff Wegge asked:  “Security question Bob. Is the hotspot on my mobile verizon phone any more secure than public Wi-Fi?”

This is a most excellent question! Generally speaking, the mobile hotspot will be more secure for two reasons The first is that only you are likely to be using it, unless you explicitly shared the SSID (network name) and passphrase with someone else. The second reason is that the session is encrypted which prevents eavesdroppers from ever knowing what you are doing with the connection.  The presence of the passphrase, which is also the encryption key, means the session is private.

Coffee shop and public wifi systems usually DO NOT require any kind of passphrase, and so the wireless connection is NOT encrypted. This means that someone with a laptop and network sniffing software like Wireshark could be reading the wireless traffic and harvesting user names, passwords, credit card numbers, and whatever else is going on in the room.

The present or absence of a passphrase determines whether the session is encrypted or not, regardless of location.  My wish for the new year is that public wi-fi providers start providing passphrases so my session can be encrypted.  You could paint the wireless passphrase on the wall, and the session would still be secure.

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment