How Secure Is Hotel Wi-Fi, Really?

Whether you're checking in for a flight, catching up on work emails, or keeping in touch with friends and family, using a hotel’s Wi-Fi network is likely on your agenda. This common amenity aims to enhance the guest experience but also comes with significant security and privacy concerns.

With identity theft reaching unprecedented levels in the United States, a new victim is targeted every 22 seconds. In recent years, major hotel chains like Marriott Bonvoy Hotels, Hilton Worldwide Holdings, InterContinental Hotels Group, and Hyatt Hotels have reported data breaches, making their Wi-Fi networks risky for sensitive tasks such as online banking and accessing confidential work documents.

“Hotel Wi-Fi often falls short of security expectations, mainly due to a lack of robust protective measures,” says John Price, CEO of SubRosa, a cybersecurity and risk advisory firm. “These networks are usually open to numerous guests, including potential malicious actors who could intercept data transmitted over the connection.”

That said, you can still use your hotel’s internet. It’s essential, however, to take some precautions. Here’s what you should know to safely navigate hotel Wi-Fi networks.

What are the dangers of connecting to your hotel’s Wi-Fi?

Each month, thousands of guests utilize a hotel’s Wi-Fi, leading to vast amounts of customer data stored in databases, cookies, and devices—making it an attractive target for hackers. Even the FBI has issued warnings about the risks associated with hotel Wi-Fi.

A whitepaper on cyber threats in hospitality states, “Hackers can leverage a hotel’s Wi-Fi system to access guests’ laptops or mobile devices, using malware to infect these devices, steal data, and capture passwords for bank accounts and more.”

The simplest way for hackers to obtain your personal information is through unsecured networks, which allow anyone to log in without a password. Once connected, hackers can intercept sensitive data like passwords and credit card information. It’s best to avoid using unsecured networks altogether. Additionally, even if your browser shows a welcome or sign-in page, it could still be an unsecured connection.

“You can verify the security of the network through your device’s settings—typically, there’s a section indicating the network's security type,” explains Alexander Linton, director of the encrypted messaging app Session. “Secured networks require a password for connection, but if that password is widely shared, it still poses risks to your security and privacy.”

Another concern is a Man-in-the-Middle (MITM) attack, which Linton describes as a situation where “the attacker can intercept and potentially alter your communication. For instance, if you're trying to access your bank's website, a MITM could present a ‘fake’ version of that site to steal your login details.”

Threats also arise when hackers masquerade as a legitimate Wi-Fi network—the so-called ‘bad twin.’ In this scenario, cybercriminals create fake, unsecured Wi-Fi hotspots near the hotel to lure guests into connecting,” explains Franklin Orellana, chairperson of the Data Science Program at Post University. “These networks often use misleading names like Guest Wi-Fi or Free Hotel Wi-Fi. When victims connect, their personal information is sent directly to the hacker.”

How to Safeguard Your Information on Hotel Wi-Fi

Using hotel Wi-Fi to search for restaurant suggestions or local attractions is generally safe, according to Kurt Long, cofounder of Bunkr, a cybersecurity firm. However, he warns that risks significantly increase when conducting transactions or sharing personal information.

“A good rule of thumb is to assume that hotel Wi-Fi is compromised,” Long advises, adding that “this should be the assumption for all public networks, not just the Wi-Fi at our hotel.”

Here are some tips to reduce your risk of identity theft, fraud, and cybercrime.

Use a VPN

A virtual private network (VPN) encrypts your internet activity, making it impossible for anyone to see or steal your data if they intercept your connection. Be sure to choose a reliable VPN service and connect to it whenever you access hotel Wi-Fi.

Enable HTTPS

Websites using HTTPS encrypt the data exchanged between your browser and the site (the S stands for secure). Look for https:// at the start of the URL or a padlock icon in the address bar to confirm your connection is secure, especially when entering sensitive information like login credentials and credit card details. Linton also suggests downloading a browser extension like HTTPS Everywhere, which alerts you if the site you’re visiting isn’t encrypted with HTTPS.

Keep Your Software Updated

Make sure your operating system, browser, and antivirus software are all current. Updates frequently contain security fixes that guard against known vulnerabilities.

Implement Two-Factor Authentication

Activating two-factor authentication on your accounts provides an additional security layer by requiring a second verification method (like a code sent via text) along with your password during sign-in.

Steer Clear of Sensitive Transactions

Avoid accessing banking services, making online purchases, or entering sensitive information while using hotel Wi-Fi. If you must conduct a sensitive transaction, opt for your mobile data connection instead of relying on the hotel’s Wi-Fi.