This story has been updated. It was originally published on October 15, 2019.
Sharing a WiFi network with a bunch of strangers isn’t a great way to keep your data private. Taking the necessary precautions is easy when you’re using a single laptop on free coffee shop WiFi. But if you’re living in a place where you share a network with your neighbors, things start to get complicated. That girl from down the hall seems nice, but you don’t know her. She might be a hacker, right? Or that man from two floors down who always lets you say “Hi” to his chocolate Labrador. Doesn’t he seem like the kind of person who has no idea his laptop is filled with malware?
Many apartment buildings bundle internet service with rent, putting everyone in the building on a single, easily accessible network. Sometimes they’re open networks anyone can join, with a portal you have to sign in through to get internet access. Other times they use a standard WPA2 password, like a typical home network. Some apartments may go as far as to create separate WiFi networks for each apartment—definitely the preferred route—but since you don’t get to set them up, they could have easy-to-guess passwords or other security holes. In other words, if you don’t have control over the WiFi network you use at home, you could be at risk.
“Sharing a WiFi network with unknown people is, as a rule, unsafe,” says April C. Wright, a security consultant at ArchitectSecurity.org. “It exposes your device and network traffic to eavesdropping and attack.” There are proper ways an apartment complex can set up a network like this, Wright says, but you never know what your landlord has done—and good luck getting them to explain it to you. There’s a good chance they don’t even know, since this is the kind of job that typically gets outsourced.
To make matters worse, you might not have the option to get your own separate internet plan: The cable company may have a deal with the entire building, or other internet providers are so terrible that it isn’t worth doing so. And if the rent is affordable and the building is nice, it’s hard to turn down a great place to live just because of the WiFi.
Thankfully, even if you don’t have control over the building’s network, there are a few things you can do to make your devices more secure.
“Separating the building’s WiFi network from the home’s network is the ideal configuration to protect the home devices,” explains Wright. “This requires a wireless bridge to act as a firewall between the external and internal networks.” There are a few ways to do this, but the best options require you to have your own, personal WiFi router.
If you have physical access to the building’s router (or an Ethernet port in your apartment that connects to the building router), you can just connect the WAN port of your personal router to one of the LAN ports on the building router using an Ethernet cable. Then you can set up your own WiFi network from your personal router as you would with any other internet subscription.
If you can’t plug in directly, you can buy a WiFi bridge like the TP-Link TL-WA901ND Wireless Access Point. Connect it to your building WiFi in “Client Mode” using the TP-Link web interface, then connect your personal router’s WAN port to the WiFi bridge’s Ethernet port. It doesn’t have to be this particular TP-Link bridge, of course—you can do this with any network extender that can provide wireless internet to wired devices. Just note that the process and terminology may vary slightly from device to device.
In both of these scenarios, your personal router basically sees the building’s network as the internet, allowing you to create your own WiFi network as you would in any other home or apartment. You control the network in your apartment, and while you’ll be able to see other building tenants’ devices, they won’t be able to see yours—just your router.
That’s the biggest piece of the puzzle, since the router will perform network address translation (NAT), acting as a sort of firewall between you and the rest of the building. But beyond that, you need to be extra careful about your normal security practices, too. “Using a VPN whenever you are connected to a WiFi network (even at work) is a must, on phones and computers,” Wright says. “The VPN software should block your internet access while it is not connected to the VPN.” You can check out some of our favorite VPNs, and learn how to set one up on your phone using this guide. Alternatively, if it supports the feature, you could set up a VPN directly on your router—that way all of your outgoing traffic is encrypted, including devices like your smart TV that might not have their own VPN apps.
Finally, use multi-factor authentication on all your online accounts, set up a guest network for anyone that visits your home (don’t give out the password to your home network), and make sure the firewalls built in to Windows and macOS are active at all times. The more of these tips you can implement, the better off you’ll be—creating your own WiFi network with the aforementioned bridge can help, but you need good everyday security practices too. As Wright puts it: “Endpoint devices should not rely solely on network protections, and networks should not rely solely on endpoint device protection. You need both.”