CB Connor Blake – Expert
Newsletter
Digital Assets, Network Security, Security

Is Public Wi-Fi Safe for Checking Your Bank or Crypto Account? The Honest Answer

Digital Assets, Network Security, Security 4 min read

The question comes up regularly, and I want to give you a straight answer rather than the usual paranoid “never use public Wi-Fi for anything” advice, which isn’t realistic, or the breezy “it’s fine, HTTPS protects everything,” which isn’t entirely accurate either.

The truth is more nuanced — and knowing where the actual risks are makes the difference between sensible caution and unnecessary anxiety.

What public Wi-Fi actually looks like from a security standpoint

When you connect to Wi-Fi at an airport, coffee shop, or hotel, you’re on a network with other strangers. In the early days of internet security, this was a bigger problem than it is now, because most web traffic was unencrypted. Someone with the right software sitting at the next table could intercept your traffic and read it.

That’s much less of an issue today. The vast majority of websites and apps use HTTPS, which encrypts the connection between your device and the server. If you’re using your bank’s website or app and the connection is HTTPS (look for the padlock in your browser’s address bar), the content of that connection is encrypted even on public Wi-Fi. An attacker sitting nearby sees that you’re connecting to something, but not what data is going back and forth.

So: checking your bank balance over HTTPS on public Wi-Fi is not as dangerous as it used to be.

Where the real risks still are

Fake hotspots. This is the one I’d worry about most. Setting up a hotspot called “Starbucks Free WiFi” or “Airport_Guest” costs nothing and takes two minutes. If you connect to a hotspot run by an attacker instead of the legitimate one, they control the network. They can intercept traffic before it’s encrypted, present fake login pages that look like the real thing, or manipulate what you see. You usually can’t tell from the network name alone that you’re on the wrong one.

Mitigation: Before connecting to a public hotspot, confirm the official network name with staff. Most coffee shops and hotels have a card at the counter or on the receipt with the Wi-Fi details. If you’re in doubt, use your phone’s cellular data for anything sensitive.

Shoulder surfing. Not a cyber threat, just a physical one. In a crowded space, someone nearby can see your screen. For financial accounts, be aware of who’s around you.

Session hijacking (less common than it sounds, but real). Even with HTTPS, some apps have implementation weaknesses. If a poorly written app uses HTTPS for the login but then falls back to an unencrypted session token afterward, that session can be intercepted. Major banks and crypto platforms generally do this right, but smaller or less well-maintained apps may not.

Malicious captive portals. The “log in to access the Wi-Fi” page you see at many hotels and airports is a captive portal. Legitimate ones just ask you to agree to terms. Malicious ones might ask for login credentials or push software to your device. Never install anything from a captive portal.

Crypto specifically

Cryptocurrency wallets and exchanges deserve extra caution beyond banking, for a few reasons. Crypto transactions are irreversible. There’s no fraud department to call. And attackers who target crypto users tend to be more sophisticated than those running generic schemes.

If you’re checking a balance or looking at market prices, the risk is low. If you’re initiating a transfer or signing a transaction, I’d be more careful. For anything involving moving funds, use your phone’s cellular connection or a VPN rather than a public hotspot.

The VPN question

A VPN encrypts all your traffic and routes it through a server you trust, before it reaches the public internet. This neutralizes the threat from fake hotspots (the encrypted tunnel is established before any of your traffic reaches the attacker’s network), and it prevents network-level surveillance of which sites you’re visiting.

A VPN is a reasonable tool on public Wi-Fi, especially for crypto users or anyone who regularly works from coffee shops or hotels. It’s not perfect — you’re trusting the VPN provider instead of the hotspot operator — but reputable providers like Mullvad or ProtonVPN have strong track records.

The practical summary

On public Wi-Fi:

  • Checking bank balances or reading email over HTTPS is reasonably safe, as long as you’re on the legitimate network
  • Confirm the official hotspot name before connecting
  • For anything involving initiating financial transactions or moving crypto funds, use cellular or a VPN
  • Keep your phone’s operating system and apps updated — unpatched vulnerabilities are how most real-world attacks succeed

The risk on modern public Wi-Fi isn’t zero, but it’s nowhere near as alarming as some articles make it sound. A little awareness goes a long way.

Connor Blake
Written by
Connor Blake
IT Specialist · 20+ Years

Connor writes practical guides on Wi-Fi, mesh networks, and home security — breaking down complex IT topics into clear, beginner-friendly steps.

More about me →