Hotel Wi-Fi security

By Tom Conner
This item appears on page 41 of the November 2019 issue.

In the letter “Protecting a Bank Account from Theft” (July ’19, pg. 38), a subscriber said that, while traveling, he checks his bank balances online, not by using an unprotected Wi-Fi but using one that requires a password, such as in a hotel.

Avoiding unprotected Wi-Fi is a good idea, but no one should blindly trust a hotel’s computer network.

Different hotels’ Wi-Fi use different security methods, depending on how their networks are set up. Some use simple password access, where everyone in the hotel uses the same, unchanging password. That password can easily be passed around to people both inside and outside of the hotel, making the Wi-Fi more like an unsecured network.

Other hotels use more complex methods, but there is still a possible issue with the trustworthiness of the hotel’s IT staff.

While I was staying in a rather small hotel on a recent trip, a fellow traveler who complained to the front desk about a Wi-Fi issue was led to a small room in the back to consult the hotel’s IT specialist. The traveler, someone experienced in computer networks, noticed that the specialist was sitting in front of several computer monitors watching all of the Internet traffic on the hotel’s network.* This person may have been trustworthy, but are all of them in every hotel?

My first suggestion to readers is do not login to your bank accounts while traveling unless you absolutely must. Why take a chance on exposing your login credentials if you don’t have to?

In lieu of logging in, set up text and/or email alerts with each bank so that you will be notified each time a charge is made to your account or if the account is involved in some other type of transaction.

Another suggestion is to install a VPN (virtual private network) on your computer and/or phone. This is a good network security practice that is especially important if you must access critical accounts. I use NordVPN (www.nordvpn.com), which I’m quite pleased with, but there are many others, including some that are free.

TOM CONNER

Scottsdale, AZ

*The IT specialist is not necessarily monitoring individual guests, just the network. He cannot read guests’ emails or directly view what is on guests’ screens. What he can see are the URLs (addresses) and site descriptions of the webpages being viewed. (If a guest is using a VPN, it will block his web browsing from being monitored in this fashion.)