Wi-Fi in European hotels

Most places in Europe where I have used WIFi in the last few years do seem to use a password. Occasionally, there is no password. But in a dense area, most places won't leave their WiFi open or everyone would steal it, using all the bandwidth and making it slow for everyone else.

If you care about security that much, ask your IT guy at the office about how to setup a VPN on your device before you go to Europe. Even password-protected WIFi doesn't guarantee your security. Anyone else on the network could sniff your traffic - or if the WiFi network has a weak password that could easily be guessed, the fact that it has a password is somewhat irrelevant.

In fact, I did speak to him about a VPN and he did recommend it as an extra level of security, over and above the password protected Wi-Fi.

Generally the password protected WiFi networks I've seen have given every user the same password, which I understand isn't much more secure than being an open network. Someone could still set up a man-in-the-middle attack with such a network, for example.

In every hotel with Wi-Fi that I've stayed in, a password was required. But most of them use the same password for everyone, and seem never to have changed it (for instance, it will be the hotel's address). So while it's better than no password at all, I certainly wouldn't consider it "secure" for things like financial transactions.

Some hotels do have higher security. The one I remember was my hotel in Toulouse, where a password was generated just for me, just valid for my days staying there, and requiring re-signing on their website in EVERY time (even if my iPod or netbook just went into sleep mode, I had to log back in to get back online!) But again, that's unusual.

For most networks, you put in the password at the network/Wi-Fi screen, and you stay signed in. But some require you go to to a webpage to complete the sign-in, and you have to sign in every time. I've found that with my netbook, many of these don't work with Firefox but do work with Internet Explorer. Once signed in, I can use any browser.

Wi-Fi in restaurants usually requires a password, but sometimes is open. A wrinkle I found a few weeks ago in Spain was that to use some Wi-Fi in restaurants, museums, etc, one had to either sign in with Facebook (which I'm not on), or give them an e-mail address so they could send you the sign-in link. So, if you don't want to give your e-mail out, you can't get on their Wi-Fi.

Your data may already be encrypted depending on what online services you're using. Any https website is encrypted. Also Apple's iCloud, Facebook, Google's Gmail, and even this forum use encryption.

I stayed at one hotel in Mainz (Königshof) where they gave you a new password every day. I think they also gave you an ID at check in and the password was unique to your ID, but I'm not sure.

dc,

I've found that pretty much all the hotels I've stayed at over the years require a password for Wi-Fi. In some cases they provide a password that's good for the entire stay, while in other cases they generate one on a small adding machine tape that's only good for set time (ie: 24 hours).

Aside from the issue of passwords, I've also found wide variations in the quality of service at European hotels. In some cases, Wi-Fi works in the rooms and throughout the hotel, while in other cases it works best in the lobby but may be intermittent in certain rooms. In one hotel I had to place a chair by the door of the room, as I couldn't get a signal when sitting a few feet away on the bed. I've also found wide variations in speed. In some hotels Wi-Fi is as fast as my service at home, while in other cases it's very slow.

On a related matter, I also found variations in service level with cellular data. In some cases I had 3G service available, while in other cases only the older and slower EDGE was available.

I'm usually not too concerned about network security for checking E-mail or whatever. If I'm doing any banking, I use the app on my phone and do it via 3G service, which I believe is encrypted.

Password or not, it's still basically "public" wifi. Browse any website you want that doesn't require log-in, but why take the chance of sending out your banking, email, work log-ins? Not worth it.

Also remember older, larger hotels still have that antiquated thing called a business center, which will have at least one hardwired computer and a printer. But still, it's a public computer and can have malware that tracks passwords and keystrokes. Again, not worth it.

Your data may already be encrypted depending on what online services you're using. Any https website is encrypted. Also Apple's iCloud, Facebook, Google's Gmail, and even this forum use encryption

There is a way to for a miscreant to set up a spoof access point with the same access point name and password as the hotel's legitimate access point. When the unsuspecting user establishes an encrypted connection it's actually encrypted as far as the spoof access point and then encrypted again from there to the legitimate sites you're connecting to. Everything you type, including account names and passwords, is logged by the "man in the middle."

That's why we've mentioned that it's more secure when the hotel gives every user a unique password, or even better that you VPN to a known safe access point back home.