Make sure to use a VPN on public Wi-Fi. Even though most sites have HTTPS, which prevents most attacks, a few are still possible. The two most common would be:
Man in the Middle - which, contrary to popular belief, is not completely prevented by HTTPS.
Session hijacking - which is basically stealing your cookies.
I have had multiple friends already who have fallen specifically to session hijacking.
Session hijacking is an especially scary attack as it is not prevented by using two-factor authentication.
For some more in depth resources on these attack check out.
https://www.checkpoint.com/cyber-hub/cyber-security/what-is-a-man-in-the-middle-mitm-attack/
https://www.youtube.com/watch?v=xalg8a3eIy4&t=2s