eduroam sets strict security requirements for all eduroam services. These include:
- Wi-Fi encryption
- Enterprise-level authentication.
eduroam vs public Wi-Fi
eduroam applies strict security standards for Wi-Fi connections. Strict encryption and authentication settings keep your devices and information safer on the Wi-Fi network.
This table shows the key differences between using eduroam and public Wi-Fi networks:
| Feature | eduroam | Public Wi-Fi |
| Encryption | WPA2/WPA3-Enterprise (secure) | Often open or weak WPA2-Personal |
| Authentication | Secure 802.1X/RADIUS | Usually none or browser-based |
| Global Access | Yes, at participating sites | No |
| Credential Safety | Home institution only | May be exposed to local network |
| Trust Level |
High Only verified institutions |
Low Anyone can set up a public hotspot |
Encryption
eduroam Wi-Fi networks use WPA2-Enterprise or WPA3-Enterprise to encrypt data between your device and the access point. This prevents unauthorised people nearby from viewing your personal information and activity online.
Enterprise-level WPA protocols offer a higher level of security than Personal or unencrypted protocols. Every device connected to the access point gets its own encryption key. This ensures that other devices connected to the same access point can’t simply use a shared key to decrypt the data sent by your device.
Authentication
You enter your login credentials when your device connects to an eduroam service.
It uses either 802.1x or RADIUS to authenticate you and assign you access to its eduroam facilities. Typically this includes internet access; it might also include limited local network access.
The global eduroam site has more information on authentication.
Global access
eduroam is available at participating educational and research institutions worldwide. Every eduroam network follows standards of security and reliability, providing a consistent experience.
Credential safety
When you log in at a host institution, eduroam securely sends your credentials to your home institution for authentication. This means that host institutions do not see your login information.
Trust level
An institute must be verified and adhere to strict eduroam network standards to be approved as a host institution. In contrast, public Wi-Fi hotspots can be set up by anyone.
Internet
eduroam does not encrypt your data on the wider internet after you log in to the network. This is not a service that eduroam can reasonably provide.
However, to add a level of protection to your internet activity, you can:
- Use a VPN.
- Install antivirus or endpoint protection software on your device.
- Visit only https sites.
- Keep your device applications up to date; especially the operating system and browsers.
- Use a software firewall on your device.
Faked SSIDs for unauthorised access points
SSIDs can be spoofed. To protect against this:
- Enable your device to check server certificates. This means that your device will require the access point to have proof that it actually is what it claims to be.
- Check that the SSID is encrypted.
- Check the SSID against the listed SSIDs for the location. Typically, an eduroam SSID will look like eduroam.
Privacy
Host institutions might monitor and log your activity while connected to eduroam. Check the terms of use for your host institution.
Malware and viruses
Your access to an eduroam network might be limited or blocked if your device harbours malware or viruses.