Americans still lax with Wi-Fi security: survey

Free Wi-Fi is everywhere. There are more than a million hotspots worldwide, in everything from coffee shops to airports to hotels, and more.

Finding a free Wi-Fi hotspot is a great convenience, but it can put your personal information at risk.

And, reports Susan Koeppen of CBS station KDKA-TV in Pittsburgh, a recent survey shows the most appropriate mark for Americans when it comes to protecting that info at such hotspots is "D."

The survey, by the Wi-Fi Alliance, found only two-thirds of Wi-Fi users have taken recommended steps to keep the information from prying eyes.

The alliance's Kelly Davis-Felner says, "Consumers should be very, very cautious when using publicly available Wi-Fi."

To see just how easy it is for someone to steal your information while using Wi-Fi, Koeppen headed to Carnegie Mellon University and met up with ethical hacker Spencer Whitman.

"Anyone can capture the traffic coming out of your computer," he told Koeppen.

So she put Whitman to the test, with computers sitting back to back, Koeppen got into CMU's open Wi-Fi network.

On Facebook, she posted a status saying, "Working on story about Wi-Fi dangers! See how quickly our ethical hacker can get into my Facebook account. His name is Spencer."

He said right away that he has "all the information I need right now. ... I can get in as you (Koeppen)."

It took Whitman just 9 seconds to find Koeppen's information on the open network.

Seven minutes later, he was in Koeppen's Facebook account posting messages

"When you go to the airport and sign on to that Wi-Fi open network..." Koeppen began."

"Anyone can see everything you are doing," Whitman finished her sentence.

"So you are basically broadcasting your information?" Koeppen asked.

"That's exactly what you're doing," Whitman confirmed.

To protect yourself, experts say you should always use Wi-Fi networks that have the security feature known as WPA2 -- that's Wi-Fi-protected access version 2.

Look for https - not just http -- in the address bar - it means the website is encrypting your information.

If you have one, use a Virtual Private Network, or VPN, which jumbles your data.

And if you're not sure about the Wi-Fi you're using, never pay your bills online or check things like your bank account.

"Be careful," Whitman advises. "Be aware. And don't do anything sensitive if it's on an open network. ... You never know who's listening."

Experts say your Wi-Fi at home could also put you at risk, especially if your router is several years old and uses an old Wi-Fi security code called WEP - it was cracked by hackers years ago.