WiFi has had a rough security past. The 802.11a, the first WiFi standard, first came out, there wasn't much security set up around using it. The WEP security standard was added later, but has been easily broken and found to be as weak as not encrypting your connection. A new standard, WPA, was soon introduced, but it has recently been found to have a weakness that may lead to it being completely useless too.

So, how does WiFi security work and how do you protect your network and your communications when using it?

How WiFi Works

A wireless connection acts like a two way radio, where one side is the router and the other is your computer. Your computer identifies itself with an id number and then asks the router to get some information for it from the internet. the router then gets the information, whether that's email or your latest Twitter posts, and sends it back to your computer via that id.

When you visualize that, you might be thinking of the router sending long wavy lines to your computer and your computer sending wavy lines back to the router. But it's really not. Like a walkie-talkie, the router just broadcasts the data in all directions and just hopes your computer gets it. Also like a walkie-talkie, every other computer is getting the same signals, your signals with your data.

the way computers normally work is by checking that id that the router sends. Since it sees everything the router is sending and even everything every other computer in the area is sending, it checks each message to see if the message is for it. Does this message have my id? Nope. Ignore it. Does this message have my id? Yep, process it. And on and on for every single message it sees.

The Consequences

More importantly, there's nothing stopping the computer for taking every message anyway and doing whatever it wants with it. They can save it for later perusal, search it for passwords or upload it to another server somewhere. If you're on an open access point, say in the airport, hotel or restaurant, everyone in the are can see everything you're doing on the network.

Hotels and airports have actually become areas ripe for identity theft because of this. Many people still access their email and online accounts in an in secure fashion and, over an open network, all of that is available for anyone to steal.

The Solution

There are ways to secure an access point that you own. You should do the following steps for home and office access points that you are in control of.

Enable WPA2 Encryption

Open your access points settings and enable WPA2 Personal encryption with a nice strong password. You can get a truly random password to use via the GRC perfect password site. Feel free to write this down and keep it somewhere in your house or on your computer. It's not a password you'll want to forget and it's also not that bad of a password for someone to get their hands on since it will only allow them to log into your network.

Using WPA2 will encrypt your messages over wireless. Everyone will still be able to get them, but they'll just be so much garbage and impossible to crack. Also, by using WPA2, everyone else on the network will get a different key for the encryption, so even if you and a hacker are logged in, he still won't be able to read your messages. WPA2 is vital if you're using WiFi in your home or office.

Be Careful on Open Networks

Watch what you do on networks you don't have control over. If you must connect to check your email, make sure you connect in a secure way. that means SSL or TLS for email in Outlook, Thunderbird, or Mail.app and using https: for any web based email like GMail, Yahoo! Mail or MSN Mail. If you have to log into any other sites, verify https.

You can also set up a Virtual Private Network, but that can end up being a huge pain to set up and maintain. I'll try to cover some simpler ways to do it in later posts.

For now, just be fully aware of what you're doing on open networks. Assume everyone can see what you're doing and act accordingly.

Answer: Maybe

Is WiFi secure? Not open networks, and some secured networks aren't even very secure. If you use WPA2 encryption with a good password, you'll be okay. there's also WEP encryption, and if you know anyone using it, tell them to stop. It is no longer secure and can be hacked in a matter of minutes, putting all of your data right back out in the open.

Bottom line: be careful on open networks and use WPA2 on networks you control.