Can passwords be figured out via public wifi?

Question

Few different scenarios:

1a) On public McDonalds wifi, logging in gmail account (or any account such as skype). Can a random user who is using the same wifi somewhat intercept the signal and figure out the password?

1b) Same situation as above, except that gmail is already logged in and accessing gmail.

2a) On random public wiki, logging in gmail account. Can the owner of the wifi figure the password out?

2b) Same as above, except already logged in.

I assuming that in the 2a case, they can, but I am not sure about 2b

score 1 · Accepted Answer · answered Aug 25 '14 at 21:30

1

For your questions relating to Gmail, they can intercept the traffic - but Gmail uses SSL/TLS to encrypt your traffic, so they would only be able to see the encrypted content. Google uses HSTS to enforce the use of HTTPS, so you should be fine.

For any account that doesn't use an encrypted protocol (http, ftp, telnet, etc.), then yes - your credentials can be sniffed out easily.

answered Aug 25 '14 at 21:30

James Spiteri

251
1
2

so in situations 1a & 1b, the password cannot be figured out? – john2546 Aug 25 '14 at 21:37
No, not by simply sniffing your traffic. – James Spiteri Aug 25 '14 at 21:40

score 0 · Answer 2 · answered Aug 25 '14 at 21:23

It's very unlikely if you are using https, and not allowing your browser to continue if that's anything wrong with the certificate. The communication with a secured server is always encrypted, and is almost impossible to lose your password on those scenarios.

On the other hand, if you see an alert that the certificate cannot be trusted, and go ahead anyway, you are almost giving your password away.

Can passwords be figured out via public wifi?

2 Answers2