Join Early Retirement Today
View Poll Results: Do you use hotel or other wifi options while traveling?
Yes, I use free wifi where ever I am to logon to banking and brokerage sites 30 34.88%
I only use hotel wifi to log on to bank and brokerage accounts domestically 8 9.30%
Nope, never logon if outside my home 48 55.81%
Voters: 86. You may not vote on this poll

Reply
 
Thread Tools Search this Thread Display Modes
Old 10-27-2019, 06:09 PM   #41
Moderator
Aerides's Avatar
 
Join Date: Nov 2015
Posts: 4,206
There's a big annual infosec conference held in Vegas - Defcon. Using the convention hotel's WiFi is one of the surefire ways to end up on the Wall of Sheep. Basically a large number of the attendees are also hackers, and will expose anyone who isn't properly securing their devices.

That's the extreme, but I would expect most public wifi's to be far more vulnerable than your own home network.

We should all already use 2FA for any financial account access, no matter where or what device you are using. And yeah... even with that, if you don't need to look up your bank info when away from home, why risk it.
__________________

Aerides is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 10-28-2019, 08:11 AM   #42
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 21,969
Can someone post some facts with sources, rather than opinions or just a "this is what I do" example?

What I'd like to know is, are the passwords I use to access a financial site secure, even on a public wi-fi? It was my understanding that the "htpps" in the url does that for me. Am I wrong?

Maybe there are other good reasons to avoid public wi-fi, but if they can't see my passwords, I'm not sure what the concern is. With htpps, can they see anything?


-ERD50
__________________

ERD50 is offline   Reply With Quote
Old 10-28-2019, 08:21 AM   #43
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 7,373
This is what you need to be concerned about with public wifi - a Man-in-the-Middle attack. Once the bad guy has compromised the public system they can make it look like you are communicating directly with your bank (or whatever), but they can see everything that happens.

So no, if you are on a compromised network the encrypted communications are not secure. This can obviously happen in other environments too, but public wifi networks are notoriously bad about security.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 10-28-2019, 08:35 AM   #44
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 9,587
Quote:
Originally Posted by ERD50 View Post
Can someone post some facts with sources, rather than opinions or just a "this is what I do" example?

What I'd like to know is, are the passwords I use to access a financial site secure, even on a public wi-fi? It was my understanding that the "htpps" in the url does that for me. Am I wrong?

Maybe there are other good reasons to avoid public wi-fi, but if they can't see my passwords, I'm not sure what the concern is. With htpps, can they see anything?


-ERD50
I can't cite references but I have always understood that HTTPS creates an encrypted tunnel such that no one sniffing the network (a very real danger on a public network) can see any of the data packets which includes passwords. There are still a couple of gotchas. Some https sites only use https for the logon and then http for the rest of the session. In those cases the data transferred during the unlocked portion could be sniffed. Looking up at the URL bar now I see this portion of my ER Forums session is not secure so that appears to be the case here. This is extremely unlikely with a financial institution but you can check from home to see if the lock remains on. The other danger that I have heard about is that you might get redirected at the initial public network sign on portion to a malicious site that could trick you into opening an executable that could monitor your screen actions (e.g. a keylogger). This could capture your log on credentials before they transition to the encrypted tunnel. Most stuff I have read suggests this as a pretty remote risk but... I always get nervous at hotels that take you through a proxy server.

I remain paranoid about using open access points for financial sites.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 10-28-2019, 09:24 AM   #45
Thinks s/he gets paid by the post
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Citizen of Texas
Posts: 3,609
Quote:
Originally Posted by Aerides View Post
There's a big annual infosec conference held in Vegas - Defcon.
Been there many times (6 or 7 times I think) when I was working. There is nothing like attending a week+ long security conference (Blackhat/Defcon) in Las Vegas with all expenses paid (well almost all ) Thousands of security "professionals, hackers, and government agencies" from around the world attend Blackhat/Defcon in Vegas. It's the biggest and most intense IT security conference/training I've ever attended. The only other IT security conference that comes close is RSA, which is held in San Fransisco each year.

I probably spent about 10% of my working days in the last 10 years of my career attending these conferences/training. Probably the only thing I miss about my working years.

One of my favorite topics on this board is when IT security topics are being discussed. I'm "sometimes" impressed with the security knowledge levels of a "few" of the members. "Sometimes"...
Car-Guy is offline   Reply With Quote
Old 10-28-2019, 10:21 AM   #46
Thinks s/he gets paid by the post
 
Join Date: Jul 2015
Location: Beaverton
Posts: 1,283
Generally do not in hotels but will when renting houses which is my preference.
__________________
Jump in, the water's warm.
Bir48die is offline   Reply With Quote
Old 10-28-2019, 10:35 AM   #47
Full time employment: Posting here.
 
Join Date: Jul 2013
Posts: 818
Quote:
Originally Posted by ERD50 View Post
Can someone post some facts with sources, rather than opinions or just a "this is what I do" example?
This is a very technical topic. You aren't going to find a concise summary that accurately describes all the potential issues.

Is a man-in-the-middle attack possible? Yes, but you need to determine if it's something you want to worry about. Personally, I do not.

Some tips:
  • use unique passwords
  • use 2 factor authentication
  • make sure https is being used (in this day and age, that will always be the case)
  • use VPN if you're really paranoid
IMO, if you take these steps, using a public wifi network is just fine. Others will disagree; to each his own.
mrfeh is offline   Reply With Quote
Old 10-28-2019, 10:55 AM   #48
Thinks s/he gets paid by the post
 
Join Date: Apr 2010
Posts: 3,088
We have used hotel wifi for the past nine years of travel. Africa, South America, Asia, Europe, NA. Never an issue. We only travel with ipads, no phone.

The two times we have had our cards compromised have been at home. We make a habit of checking our no FX fee credit card while traveling to ensure that it has not been compromised. There is always a first time though. What I do though is only use specific bank accounts when travelling....one with just enough back up cash and no more in case of compromise.
brett is online now   Reply With Quote
Old 10-28-2019, 10:55 AM   #49
Thinks s/he gets paid by the post
 
Join Date: Apr 2010
Posts: 3,088
We have used hotel wifi for the past nine years of travel. Africa, South America, Asia, Europe, NA. Never an issue. We only travel with ipads, no phone.

The two times we have had our cards compromised have been at home. We make a habit of checking our no FX fee credit card while traveling to ensure that it has not been compromised. There is always a first time though. What I do though is only use specific bank accounts when travelling....one with just enough back up cash and no more in case of compromise. We do not have much choice when we are on extended trips.
brett is online now   Reply With Quote
Old 10-28-2019, 11:00 AM   #50
Thinks s/he gets paid by the post
Rianne's Avatar
 
Join Date: Aug 2017
Location: Champaign
Posts: 2,452
Quote:
Originally Posted by Splash View Post
I try to only use our secured WIFI at home. If access away from home is needed, I use my phone directly or as a hotspot.
+1 IT person cautioned never use outside wifi for anything financial. I always lock my Lastpass outside of my wifi. I do what I"m told
__________________
"If you want to go fast, go alone. If you want to go far, go together.
Rianne is offline   Reply With Quote
Old 10-28-2019, 11:14 AM   #51
Thinks s/he gets paid by the post
Rianne's Avatar
 
Join Date: Aug 2017
Location: Champaign
Posts: 2,452
Quote:
Originally Posted by donheff View Post
Looking up at the URL bar now I see this portion of my ER Forums session is not secure so that appears to be the case here.
I guess all we share here is safe and confidential?
__________________
"If you want to go fast, go alone. If you want to go far, go together.
Rianne is offline   Reply With Quote
Old 10-28-2019, 01:58 PM   #52
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,657
This is something I really donít worry too much about. When I was traveling for work I was always using VPN. I donít understand the risk wrt financial accounts that are not credit cards. Iím very unlikely to take any actions with an account that would not involve 2FA or another form of notification. Thanks to advice here Iíll definitely use cell data in the future.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is offline   Reply With Quote
Old 10-28-2019, 03:12 PM   #53
Recycles dryer sheets
Kwirk's Avatar
 
Join Date: Mar 2006
Posts: 308
I like to be careful, paranoid even, when using public WiFi. BUT...

Everyday there appear to be literally millions of unsophisticated users of public WiFi. Yet I never seem to hear any of the horror stories about public WiFi like I hear stories about email phishing, key loggers, and even SIM swapping. I can find plenty of stories touting the presumed risks of public WiFi but not actual instances of recent fraud. These stories do seem to sell a lot of VPN subscriptions and malware software. The warnings do not appear to be coming from banks or internet merchants. I'm inclined to believe that public WiFi is now reasonably safe for most uses. (I still wouldn't suggest entering credit card information on a random site that may not be using HTTPS.)

I'd be interested to hear of any actual and recent cases of fraud resulting from public WiFi use. There should be many thousands of such cases if all of the warnings are to be believed.
Kwirk is offline   Reply With Quote
Old 10-28-2019, 03:39 PM   #54
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 7,373
Quote:
Originally Posted by Car-Guy View Post
Been there many times (6 or 7 times I think) when I was working. There is nothing like attending a week+ long security conference (Blackhat/Defcon) in Las Vegas with all expenses paid (well almost all )
Especially since it's usually the same week as the AVN Adult Entertainment Expo. Nothing like putting a bunch of unsocialized nerds next door to a major porn convention.

ERD50, here's an interesting article if you're interested in nuts and bolts. They're trying to sell their services, but there's a lot if information in the article. https://news.netcraft.com/archives/2...m-attacks.html

As far as the people saying they've done it a million times with no issues, that's fine and true. Personally I don't think too many people are lurking waiting for innocent victims to log onto the hotel wifi. ANd 2FA helps a lot. But they really aren't very safe, and you never know when lightning will strike.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 10-28-2019, 03:51 PM   #55
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,132
Quote:
Originally Posted by harley View Post
As far as the people saying they've done it a million times with no issues, that's fine and true. Personally I don't think too many people are lurking waiting for innocent victims to log onto the hotel wifi. ANd 2FA helps a lot. But they really aren't very safe, and you never know when lightning will strike.
Right. It's sort of like someone saying "I've been driving without using a seatbelt for years and I've never been injured, so it's safe."
JustCurious is offline   Reply With Quote
Old 10-29-2019, 11:28 AM   #56
Recycles dryer sheets
 
Join Date: Dec 2013
Posts: 169
I never use free wifi for banking or other secure transactions, but I have used my Verizon connection for bank transfers etc.
btdt22 is offline   Reply With Quote
Old 10-29-2019, 11:41 AM   #57
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 3,432
https does not encrypt metadata, meaning it leaks all sorts of information about you and the sites you access, though probably not your password. By gathering your metadata a hacker can learn much about you, perhaps enough information to impersonate you online.
GrayHare is offline   Reply With Quote
Old 10-29-2019, 12:09 PM   #58
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Ed_The_Gypsy's Avatar
 
Join Date: Dec 2004
Location: the City of Subdued Excitement
Posts: 5,444
Quote:
Originally Posted by donheff View Post
I'm paranoid about this and never contact my financial institutions while on the road, But I have things set up so I don't need to. I would not be uncomfortable accessing banking over the cellular connection on my phone or via the phone's hotspot. If I ever run into a situation where it becomes critical to use public wifi I would risk it because I am confidant that my financial institutions use end to end https.
Same here.
__________________
I have outlived most of the people I don't like and I am working on the rest.
Ed_The_Gypsy is offline   Reply With Quote
Old 10-29-2019, 12:30 PM   #59
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,657
Quote:
Originally Posted by JustCurious View Post
Right. It's sort of like someone saying "I've been driving without using a seatbelt for years and I've never been injured, so it's safe."


Not at all unless Iím REALLY missing something. Driving with no seatbelt will get you killed.

Maybe Iím naive. I do check on account activity and use billpay but donít do much beyond that. Just about anything else involves 2FA or some other means of notification. The most important piece is to be alert to scam calls and emails.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is offline   Reply With Quote
Old 10-29-2019, 01:00 PM   #60
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,657
And Iíll add that checking balances daily is all part of detecting issues ASAP.
__________________

__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Online Banking? FedExCourier FIRE and Money 35 10-01-2014 10:42 PM
Dedicated computer for online banking Synergy FIRE and Money 61 03-11-2013 10:55 AM
Zero Liability Online Banking RonBoyd FIRE and Money 2 11-29-2009 10:18 AM
"Online Banking Guarantee" Retire Soon FIRE and Money 3 10-27-2007 01:33 AM

» Quick Links

 
All times are GMT -6. The time now is 06:35 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
×