Upvote:1
If the wifi is unsecured, it means that all data is sent as-is without encryption over the air between your device and the access point. Anyone can sniff the traffic, and see exactly what's going there. Using secure connection (e.g. HTTPS), then the data is encrypted and essentially secure, although the source and target IP addresses are not, since it's still run over plain TCP/IP.
On a secured wifi, even though everyone has the same password, cracking it is not quite as straightforward. Connecting to the network will be done through a handshake, where each connection gets its own encryption key -- all data sent over the air between your device and the access point will be encrypted with this key. Of course, some wifi encryption methods are easier to crack than others, so it's still advisable to use HTTPS and other secure protocols on top of it.
Also, just requiring to input a password does not necessarily means the wifi is secure. Quite often you will just need to login to a proxy server to let you access the internet, while the wifi itself is unsecured.
Upvote:2
Does the hotel's wifi asking for a password make any difference to the visibility of your internet traffic? (A guest/hacker in another room would also get that password and could detect your traffic.)
This depends - is the password entered via a captured portal (do you get redirected to a payment or login screen when you try to browse) or when you select the network in your network settings and enter a wifi key?
If the former, then the network is essentially open to all, and only the internet route is blocked for payment or authorised users. In this case, wifi packets can be sniffed easily enough.
If the latter, generally you are safe, as there is encryption inplace between you and the router.
If you log into your bank over hotel wifi, that's encrypted. (Presuming your bank's site is https://... -- and if it isn't, change your bank.) Sure a hacker could see that there's traffic, but couldn't crack it to get your banking password(?)
Yup, HTTPS is secure enough - there are situations where HTTPS can be mitigated by a network provider, but they generally apply only if there is ever a situation where the network provider gets to install something on your computer - you should never accept this, as they can install a root certificate of their own and then man-in-the-middle all of your traffic on that network.
Your third question isn't really a question at all.
Also note that you aren't safe from attack if you use the Ethernet cable connection often provided in hotel rooms - network routers can often be forced into promiscuous mode, allowing anyone on the network to receive all your traffic.