Offering Public Wi-Fi Service Requires Authentication. Here’s why.

Numerous property owners have been offering free, open Wi-Fi services for many years in a variety of settings such as retail, hospitality and multi-family buildings. Available networks are widely used by visitors and residents, who often assume the provider is ensuring some level of security and don’t consider (or aren’t aware of) the risks.

However, it’s becoming more important for both users and network operators to understand the risks and mitigate them for their own protection.

Allowing access to your Wi-Fi network without authentication protocols exposes your property and network users to avoidable risk.
Treating your Wi-Fi network as an asset and planning for its maintenance will enable you to keep it secure against individuals who would exploit it for their own benefit. Common examples of network attacks include:

    • ‘Honeypot’ networks where an identically named and branded network is set up, and traffic is inspected for login and credit card data. 
    • Injection of malicious ads into otherwise legitimate content to redirect to alternative websites and to spread malware.  
    • Use of the network for illegal activities such as the transmission of hate speech, stolen assets, or other illicit material.
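
One way an operator can watch for the identically named network in the first bullet is to compare periodic site-survey results against an inventory of its own access points. The following is an added example, not code from the original post; the SSID, BSSIDs, scan format and function names are all constructed assumptions.

```python
from dataclasses import dataclass

# Operator's AP inventory (constructed values): BSSID -> expected settings.
KNOWN_APS = {
    "02:00:00:aa:00:01": {"ssid": "Lobby-Guest", "security": "WPA2", "channel": 36},
    "02:00:00:aa:00:02": {"ssid": "Lobby-Guest", "security": "WPA2", "channel": 149},
}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str
    channel: int

def normalize(ssid):
    """Fold case and strip whitespace so near-identical names compare equal."""
    return "".join(ssid.split()).casefold()

def audit_scan(beacons, known=KNOWN_APS):
    """Return (bssid, reason) for each beacon that imitates or contradicts the inventory."""
    our_names = {normalize(ap["ssid"]) for ap in known.values()}
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        expected = known.get(bssid)
        if expected is None:
            # A radio we do not own is advertising our network name.
            if normalize(b.ssid) in our_names:
                findings.append((bssid, "unknown-bssid-using-our-ssid"))
            continue
        # Our BSSID with different settings suggests a spoofed or misconfigured AP.
        if b.security != expected["security"]:
            findings.append((bssid, "security-mismatch"))
        if b.channel != expected["channel"]:
            findings.append((bssid, "channel-mismatch"))
    return findings

# Constructed scan results, in the shape a site-survey tool might export.
SAMPLE_SCAN = [
    Beacon("Lobby-Guest", "02:00:00:AA:00:01", "WPA2", 36),   # legitimate AP
    Beacon("Lobby-Guest", "02:00:00:bb:00:99", "Open", 6),    # same name, unknown radio
    Beacon("lobby-guest ", "02:00:00:bb:00:9a", "Open", 11),  # lookalike name
    Beacon("Lobby-Guest", "02:00:00:aa:00:02", "Open", 149),  # our BSSID, weaker security
    Beacon("CoffeeShop", "02:00:00:cc:00:01", "WPA2", 1),     # unrelated neighbour
]

if __name__ == "__main__":
    for bssid, reason in audit_scan(SAMPLE_SCAN):
        print(bssid, reason)
```

A finding is a prompt for a physical check, since a neighbouring business can legitimately share a common network name.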

Increased Liability for Property and Network Owners.
Hacker attacks occur every 39 seconds. If one originates from your network and there is no clear, demonstrable evidence that the network has been secured with a login requirement or at the very least that users are aware of—and have accepted—terms of use, you may be liable for the activity and even face financial or custodial penalties under computer fraud and misuse legislation. 

As the entity responsible for running the network, clearly communicate the intent of the service provided both in your agreements and online when a user takes advantage of the service. It’s imperative that you can demonstrate that you have authentication protocols in place and that your network users have accepted terms and conditions of network use to limit your liability.  

As a network operator, it’s imperative you know the applicable legislation regarding record keeping, access to those records for law enforcement, and how long those records should be retained.  

Help Prevent End Users from Becoming Victims of Identity Theft 
Risks to an end user are perhaps the most obvious: If a user can simply turn up and “get online,” exposure to risks such as interception of login credentials, credit card information, and the possible installation of malware onto devices is difficult if not impossible to control. Easily and cheaply available hardware, coupled with tools such as Wireshark, allows bad actors to see anything transmitted over the network – from devices performing network discovery through to websites visited (via DNS requests), and data shared with HTTP websites. If there is no security, the provider can protect themselves at a basic level by presenting a disclaimer, and further protect themselves by implementing a form of authentication.

Protect Proprietary Business Data and Sensitive Information
If your employees decide to meet with others in public venues and require network access, the risks to the user can cascade to the employer. Credential interception and malware injection can lead to corporate network infection or compromise which could lead to loss of data, intellectual property, or access to other sensitive data in the enterprise. Content exchange on open networks puts companies at risk of exposing information, credentials and data. 

How can you secure your network and limit your liability without disrupting service?
You’ve got a few options, ranging from traditional portals that require a user to “log on” to low-friction, high-security options such as key-based and profile-based authentication.

    1. Traditional Portal
      A secure captive portal to your network has more than just a checkbox to accept terms and conditions: The user should be required to sign up if it’s the first time they are using the service, or log on using an existing credential. Be sure to have prominent links to terms and conditions, which include all necessary legal terms of use that limit your liability as the property or network owner. The network should also restrict access to high-risk services, helping to prevent some of these activities from occurring in the first place.
    2. Key Based
      Requiring a user to request an access key and presenting them with terms of use is another option. This approach is common in multiple dwelling unit (MDU) scenarios. Residents can be given terms of use to accept as part of the rental agreement during the move-in process.
    3. Profile Based
      Creating a profile that provides a user network access for their registered devices is more secure, especially if you have multiple locations and large volumes of transient users on your network. You can learn more in our blog post “It’s Time to Rally Behind Passpoint”.

Single Digits can secure your Wi-Fi while maintaining a seamless user experience.
Whether you need a complete solution that includes captive portal, identity provision, and secure profile download, or any individual part thereof, we can help.

Contact us to discuss how you can secure your network, limit your liability, and provide the protection users expect without disrupting service.

By Charlie Allgrove
Product Developer/Architect, Single Digits
