On a recent trip to Hong Kong, I noticed that all of the public parks were covered by free government WiFi. I was wary of joining the open networks, though, because Ars contributor Glenn Fleishman warned me of sniffers and attackers ahead of my trip. When I joined, however, the welcome page told me to join another, encrypted version of that network with the password "freegovwifi." I later learned that this was indeed an official service from the Hong Kong government, and the encrypted network was meant to protect people like me from having their login credentials sniffed by lurking bad guys.

Such a practice should become the de facto standard for open WiFi networks, according to Sophos security researcher Chet Wisniewski. Wisniewski says that businesses that offer free WiFi to customers—such as Starbucks or hotels—are still putting everyone at risk of being sniffed and hacked by leaving their networks open. If those businesses were to simply lock their networks down (WPA2, of course) with the password of "free," then customers' information would be much more secure and the world would be a happier place.

"What is the value of a password if it is a 'well-known secret?' WPA2 negotiates unique encryption keys with every computer that connects to it," Wisniewski wrote in a blog post. "This means you and I cannot spy on one another's traffic even when sharing access on the same access point."

Wisniewski's idea comes in response to the recent introduction of a Firefox extension called Firesheep that makes it easier than ever to sniff cookies being sent over unencrypted WiFi networks. Firesheep lists, in a sidebar, the login credentials of other users that it has found, and allows the Firesheep user to instantly log in as those people. Though there is now an extension to combat Firesheep (called BlackSheep), only savvy Firefox users who were already aware of Firesheep would even know about it—the rest of the public would remain unprotected.

Wisniewski argues that Firesheep wasn't the most delicate approach to showing service providers why they should use SSL/TLS to protect user sessions, but says that it achieved its goal. By protecting the free WiFi networks with a simple password, businesses would be taking that level of protection a step further.

"This is a golden opportunity for a high-profile provider of free WiFi to step up and show us how easy it is," he wrote.

Update: Glenn brought our attention to a writeup he did at BoingBoing that addresses Wisniewski's proposal. Basically, he says that setting passwords on free WiFi networks is a step in the right direction, but it won't stop Firesheep from sniffing your logins.
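An added example, not taken from the article or from Wisniewski's post: the WPA2-Personal key derivation defined by IEEE 802.11, showing that each client does end up with its own temporal key, and that the shared passphrase is the only secret input, since the MAC addresses and nonces are exchanged unencrypted in the four-way handshake. The SSID, MAC addresses and nonces are constructed values; the passphrase is the one from the Hong Kong welcome page.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        # WPA2 passphrases are 8-63 characters, so "free" would be rejected.
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_tk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Return the 16-byte CCMP temporal key from the 48-byte PTK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # KCK | KEK | TK
    return ptk[32:48]

# Constructed sample values (not captured from any real network).
SSID = "ExampleParkWiFi"
PASSPHRASE = "freegovwifi"          # the passphrase quoted in the article
AP_MAC = bytes.fromhex("020000000001")
CLIENT_A = (bytes.fromhex("0200000000aa"), b"\x11" * 32, b"\x22" * 32)
CLIENT_B = (bytes.fromhex("0200000000bb"), b"\x33" * 32, b"\x44" * 32)

def demo():
    pmk = derive_pmk(PASSPHRASE, SSID)   # identical for every client
    tk_a = derive_tk(pmk, AP_MAC, CLIENT_A[0], CLIENT_A[1], CLIENT_A[2])
    tk_b = derive_tk(pmk, AP_MAC, CLIENT_B[0], CLIENT_B[1], CLIENT_B[2])
    return pmk, tk_a, tk_b

if __name__ == "__main__":
    pmk, tk_a, tk_b = demo()
    print("shared PMK :", pmk.hex())
    print("client A TK:", tk_a.hex())
    print("client B TK:", tk_b.hex())
```

The two temporal keys differ, but each is a deterministic function of the published passphrase and handshake values, which is why SSL/TLS on the session itself remains the protection that matters for logins.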