Staying Safer on Public Networks


When using an open wireless network at a hotel or coffee shop, make sure that sites getting any of your personal information have their security certificates in order.

Q. When I use an unsecured network and log into a website, does S.S.L. (https://) prevent anyone from capturing my password?

A. Secure Sockets Layer, also known as S.S.L., is a worldwide technology standard that creates a private, encrypted link between the web browser on your computer and the web server you are communicating with online. Using a S.S.L. connection lowers the risk that someone on a public network could intercept sensitive information like credit card numbers or passwords transmitted between you and the site you are using.

Sites that have S.S.L. enabled typically have an U.R.L. that starts with https:// and display a padlock icon in the address bar; some browsers show the site’s name in green as well. However, just because a site is using S.S.L. technology does not mean you are fully protected from internet ills.

You can usually see a website’s verified security information by clicking the padlock icon in the browser’s address bar.CreditThe New York Times

To set up S.S.L. on a site, its administrators must get a security certificate from a trusted source or “certificate authority.” The digital security certificate ensures that, among other things, the owners of the site have been verified as legitimate and that the communication with users will be encrypted.

But just because the connection to the site is secure, it does not mean the site itself is safe — so avoid giving personal information to websites you are not familiar with, even if it shows a secure connection. A Certificate Authority can sell certificates to all kinds of sites, including ones that may be quietly slipping malicious software onto your computer when you visit. (In past years, fraudsters have even set up fake S. S. L. certificates and have tried to break the encryption, so the technology itself is a target.)

Sites can also purchase security certificates with different levels of validation from trusted authorities. These levels include the basic Domain Validation for standard encryption and verification, and go up to Extended Validation, which has the highest level of security because the site goes through a more thorough level of vetting before the certificate is issued. In theory, a sinister site wanting to appear secure could quickly get a simple Domain Validation certificate and set up shop.

So while a S.S.L. connection indicates your communications with a website are encrypted even on public networks, you can increase your safety level for all your browsing by using virtual private network software to encrypt all your internet traffic on open Wi-Fi networks — if you are not able to use your own secured home network for financial matters and other sensitive business. The Federal Trade Commission’s site has a general guide for using public wireless networks, as well as a guide for keeping your own home wireless network secure.

Personal Tech invites questions about computer-based technology to This column will answer questions of general interest, but letters cannot be answered individually.

J.D. Biersdorfer has been answering technology questions — in print, on the web, in audio and in video — since 1998. She also writes the Sunday Book Review’s “Applied Reading” column on ebooks and literary apps, among other things.@jdbiersdorfer