Basically, there are three old methods used in public free-wifi-offers. The oldest and worst(!) is just to provide an open, not encrypted, wifi net. Almost everyone is aware of the risk with such nets, but still they are used.
The second worst is to do like many cities, hotels, etc do nowadays: They provide an open wifi with a captive portal which is webpage where all users are directed for registration before they are allowed to use the browser. If the registration is successful the communication through the browser is encrypted.
The third method, used by many cafe's and restaurants, is simply to publish, on paper or orally by the staff, name and password to the wifi. Of these methods this is the best (most secure), but it requires managing of password and staff.
A newer and better method to provide free wifi in public is to do it through an app. It is more safe and user-friendly and gives the wifi-owner the possibility to communicate with users.
Below find more info on these different methods.
An open, not encrypted, wifi-network can be used by anyone, and since it is not hi-tech at all, almost anyone can gather information from others who are using the network.
Cybercriminals can intercept login information, credit card information and, if equipped with the right tools, can even use this information to lock users out of their own devices, says Intel Security’s VP of consumer, mobile and small business security, Nick Viney.
All new smartphones and PC:s are supposed to warn the user of this type of open wifi-networks and require an active approval before connecting.
There are a lot more information to find about the risks, just google risks with open wifi
Adding a captive portal to an open wifi will make security better.
The wifi accesspoints are configured to direct all users to webpage where they have to register or log in (there are various methods) before reaching Internet. All traffic is transferred through the portal where it is encrypted.
Read more on Wikipedia: Captive portals
One type of this portal is Social Wifi, which is deployed together with Facebook login
The wifi connection is still open and unsecure, the smartphone (or PC) will probably warn and ask for permission before connecting to portal. The webpage launch will take time, in some cases it even fails completely due to DNS-problems, meanwhile it is silent and hard to understand what's happening.
Read more about risks and drawbacks here.
The most secure method for free public wifi is of course(!) to publish wifi name and password for login the common way using the phone's settings.
Note, the protocol should be WPA2. The older WPA and WEP are not sufficient.
With this method it is more likeley the human factors (fingers) will cause problems. As we all know, it might be difficult to key in the right password :-). And for the wifi provider it might be difficult to manage passwords. The staff must know them and communicate them with guests, passwords have to be changed now and then..
- Use apps instead, they are more secure than captive portals, IT-experts say. WifiFront is such an app. You get a secure WPA2-connection and wifi name and password is managed by the wifi owner in a cloud service. Thus, they are not visible at anytime for the users or anyone else.
Connection to a wifi is very easy. Just press the button in the app, copy the password and paste it in the phone's wifi settings.