Is hotel Wi-Fi safe?

Tips & tricksVideo
6 mins

Hotel Wi-Fi is not always safe. Actually, hotels are considered some of the riskier places to use Wi-Fi because they might lack basic security features. You can get hacked using hotel Wi-Fi since they are attractive targets for hackers due to the large number of people who use them.

Even if its security is relatively sound, there are other risk factors associated with it being a widely shared network. But that doesn’t mean you shouldn’t use the internet in your lodgings. Before you tap connect, take a few precautions to protect your connection. 

Read more: Ethernet vs. Wi-Fi: Which is better?

Why hotel Wi-Fi isn’t safe

Hotels make excellent targets for cyber criminals for a couple of reasons. Not only can nefarious actors find a large concentration of potential targets, but the network security hotel guests rely on can be rudimentary to nonexistent.

In October 2020, the FBI issued a warning on the dangers of using hotel Wi-Fi, pointing out that hotels favor convenience for guests over security measures, especially since there is no specific hotel industry standard for secure Wi-Fi access. 

In many hotels, Wi-Fi passwords change infrequently, and they’re often found on placards at the reception desk. Under these circumstances, hacks can happen relatively easily using simple methods, and likely affecting a large number of guests.

While these scenarios aren’t necessarily the norm, there are plenty examples of hotel Wi-Fi attacks, like when Russian hackers used a leaked NSA tool to target hotel guests in 2017.

Here are some of the ways an attacker can hack hotel Wi-Fi:

Evil-twin attack

With this method, criminals create a network with a similar name to the hotel’s network and gain direct access to the computer of any guests who accidentally connect to it. 

Man-in-the-middle attack

In man-in-the-middle attacks, a hacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. 

Packet sniffing

This is where a hacker records the packets of data that pass between you and an unsecured Wi-Fi router.

Router hacking

Perhaps the most devastating attacks possible would involve hacking a hotel’s router. This could give attackers access to information ranging from guests’ credit-card details to keycard systems.

Can hotel Wi-Fi see what you’re doing?

Wi-Fi admins could potentially see what you’re doing if your connection is unencrypted. While they probably won’t be able to read your messages, they might be able to know the sites you visit and how much time you spend on them, while connecting this information back to your room number. 

If your connection is encrypted, such as with a VPN turned on, admins will only be able to see packets of encrypted data being sent to the server from a device, but not what the packets contain.

How to stay secure on hotel Wi-Fi

Here are a few things you can do to keep yourself secure:

1. Use a VPN to encrypt your traffic

This is simply the easiest way to stay safe on public Wi-Fi. A VPN sends all your online traffic through an encrypted tunnel, so even if someone intercepts your activity, they won’t be able to see any of it.

2. Always confirm the hotel network’s name before connecting 

While it might be tempting to connect to the first Wi-Fi you see when you’re in line to check in, you can avoid fake Wi-Fi networks (set up by hackers) by being 100% sure about the hotel Wi-Fi’s name. 

3. Avoid using hotel Wi-Fi for banking

This tip sidesteps the problem rather than solving it, but it’s worth waiting to check your bank account when you get home rather than risk exposing it over hotel Wi-Fi. If your connection is not secure enough, an attacker might be able to steal your passwords and account details.

4. Use your phone as a hotspot instead of Wi-Fi

One option is to not use hotel Wi-Fi. If you’re getting data on your phone—admittedly unlikely if you are traveling internationally—you can use it as a Wi-Fi hotspot for other devices such as a laptop. Alternatively, you could use a portable router, which is a small device you carry with you and top up with data as needed using a credit card. You connect to it with a password in the same way you’d use any Wi-Fi network.

These hotspots are harder to attack because they’re moving, and they are less attractive to attackers because there are fewer people using them.

Read more: How to keep your mobile hotspot secure

5. Always keep software up to date to patch known security issues

You should be keeping your phone’s operating system up to date whether you’re on public Wi-Fi networks or not. Vulnerabilities are found all the time, some of them posing great risk to your device or privacy. Tech companies constantly release new versions of software that include fixes to these bugs. Keeping your device up to date is a basic way to ensure your online security under any circumstances.

6. Encrypt your data using Tor or other methods

While the easiest way to encrypt your connection is with a VPN, there are other methods. These include using the Tor Browser, which relays and encrypts your traffic three times when you browse, increasing your anonymity. You can also ensure that the sites you visit use HTTPS rather than HTTP, as indicated by a padlock symbol next to the URL. However, these methods won’t protect your whole device, including connections to apps, like a high-quality VPN would.

Read more: The internet is safer now—but a VPN is still essential protection

7. Don’t open any malicious links or attachments

Stay on guard when you’re on hotel Wi-Fi. If a strange pop-up appears prompting you to click, it might be an attempt by an attacker to send you malware or intrude on your browsing. That said, you should never click on suspicious links or attachments, even when you’re at home. Always try to verify that the sender is legitimate first.

Read more: How to spot common red flags in phishing emails

8. If a public Wi-Fi requires your personal details, provide fake ones

Public Wi-Fi in airports or cafes might ask for information about you before allowing you to proceed. If this is simply for data collection and not to verify your identity, or if you’re not sure of the purpose, then always try to provide fake information first.

In hotels, it’s more often that your name and room number that are required to verify the user. If it requires any other details, make it up.

How can a VPN protect you on hotel Wi-Fi and other public networks

The risk with hotel Wi-Fi is the networks tend to have poor security, meaning it’s easy for intruders and hackers to break in and attack users or see what you’re doing online.

The answer is strong encryption, and a VPN app is the easiest way to encrypt your online activity. This means no one can see what you’re doing online and no one can read what you’re transmitting over the internet apart from you and the site, service, or person you’re communicating with.

Read more: What does a VPN hide?

FAQ: About hotel Wi-Fi safety

Can you get hacked using hotel Wi-Fi?
Do hotels monitor their Wi-Fi?
Is it safe to connect your phone to hotel Wi-Fi?
What should I do if I need to use hotel Wi-Fi for work?
Phone protected by ExpressVPN.
Protect your online privacy and security

30-day money-back guarantee

A phone with a padlock.
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?
Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.