View Poll Results: Do you use hotel or other wifi options while traveling?
|
Yes, I use free wifi where ever I am to logon to banking and brokerage sites
|
|
30 |
34.88% |
I only use hotel wifi to log on to bank and brokerage accounts domestically
|
|
8 |
9.30% |
Nope, never logon if outside my home
|
|
48 |
55.81% |
|
|
10-27-2019, 05:09 PM
|
#41
|
Moderator
Join Date: Nov 2015
Posts: 13,917
|
There's a big annual infosec conference held in Vegas - Defcon. Using the convention hotel's WiFi is one of the surefire ways to end up on the Wall of Sheep. Basically a large number of the attendees are also hackers, and will expose anyone who isn't properly securing their devices.
That's the extreme, but I would expect most public wifi's to be far more vulnerable than your own home network.
We should all already use 2FA for any financial account access, no matter where or what device you are using. And yeah... even with that, if you don't need to look up your bank info when away from home, why risk it.
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
10-28-2019, 07:11 AM
|
#42
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2005
Location: Northern IL
Posts: 26,889
|
Can someone post some facts with sources, rather than opinions or just a "this is what I do" example?
What I'd like to know is, are the passwords I use to access a financial site secure, even on a public wi-fi? It was my understanding that the "htpps" in the url does that for me. Am I wrong?
Maybe there are other good reasons to avoid public wi-fi, but if they can't see my passwords, I'm not sure what the concern is. With htpps, can they see anything?
-ERD50
|
|
|
10-28-2019, 07:21 AM
|
#43
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2008
Location: No fixed abode
Posts: 8,765
|
This is what you need to be concerned about with public wifi - a Man-in-the-Middle attack. Once the bad guy has compromised the public system they can make it look like you are communicating directly with your bank (or whatever), but they can see everything that happens.
So no, if you are on a compromised network the encrypted communications are not secure. This can obviously happen in other environments too, but public wifi networks are notoriously bad about security.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
|
|
|
10-28-2019, 07:35 AM
|
#44
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Feb 2006
Location: Washington, DC
Posts: 11,328
|
Quote:
Originally Posted by ERD50
Can someone post some facts with sources, rather than opinions or just a "this is what I do" example?
What I'd like to know is, are the passwords I use to access a financial site secure, even on a public wi-fi? It was my understanding that the "htpps" in the url does that for me. Am I wrong?
Maybe there are other good reasons to avoid public wi-fi, but if they can't see my passwords, I'm not sure what the concern is. With htpps, can they see anything?
-ERD50
|
I can't cite references but I have always understood that HTTPS creates an encrypted tunnel such that no one sniffing the network (a very real danger on a public network) can see any of the data packets which includes passwords. There are still a couple of gotchas. Some https sites only use https for the logon and then http for the rest of the session. In those cases the data transferred during the unlocked portion could be sniffed. Looking up at the URL bar now I see this portion of my ER Forums session is not secure so that appears to be the case here. This is extremely unlikely with a financial institution but you can check from home to see if the lock remains on. The other danger that I have heard about is that you might get redirected at the initial public network sign on portion to a malicious site that could trick you into opening an executable that could monitor your screen actions (e.g. a keylogger). This could capture your log on credentials before they transition to the encrypted tunnel. Most stuff I have read suggests this as a pretty remote risk but... I always get nervous at hotels that take you through a proxy server.
I remain paranoid about using open access points for financial sites.
__________________
Idleness is fatal only to the mediocre -- Albert Camus
|
|
|
10-28-2019, 08:24 AM
|
#45
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2013
Location: Texas
Posts: 10,931
|
Quote:
Originally Posted by Aerides
There's a big annual infosec conference held in Vegas - Defcon.
|
Been there many times (6 or 7 times I think) when I was working. There is nothing like attending a week+ long security conference (Blackhat/Defcon) in Las Vegas with all expenses paid (well almost all ) Thousands of security "professionals, hackers, and government agencies" from around the world attend Blackhat/Defcon in Vegas. It's the biggest and most intense IT security conference/training I've ever attended. The only other IT security conference that comes close is RSA, which is held in San Fransisco each year.
I probably spent about 10% of my working days in the last 10 years of my career attending these conferences/training. Probably the only thing I miss about my working years.
One of my favorite topics on this board is when IT security topics are being discussed. I'm "sometimes" impressed with the security knowledge levels of a "few" of the members. "Sometimes"...
|
|
|
10-28-2019, 09:21 AM
|
#46
|
Thinks s/he gets paid by the post
Join Date: Jul 2015
Location: Beaverton
Posts: 1,382
|
Generally do not in hotels but will when renting houses which is my preference.
__________________
Jump in, the water's warm.
|
|
|
10-28-2019, 09:35 AM
|
#47
|
Thinks s/he gets paid by the post
Join Date: Jul 2013
Posts: 1,884
|
Quote:
Originally Posted by ERD50
Can someone post some facts with sources, rather than opinions or just a "this is what I do" example?
|
This is a very technical topic. You aren't going to find a concise summary that accurately describes all the potential issues.
Is a man-in-the-middle attack possible? Yes, but you need to determine if it's something you want to worry about. Personally, I do not.
Some tips: - use unique passwords
- use 2 factor authentication
- make sure https is being used (in this day and age, that will always be the case)
- use VPN if you're really paranoid
IMO, if you take these steps, using a public wifi network is just fine. Others will disagree; to each his own.
|
|
|
10-28-2019, 09:55 AM
|
#48
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Apr 2010
Posts: 5,912
|
We have used hotel wifi for the past nine years of travel. Africa, South America, Asia, Europe, NA. Never an issue. We only travel with ipads, no phone.
The two times we have had our cards compromised have been at home. We make a habit of checking our no FX fee credit card while traveling to ensure that it has not been compromised. There is always a first time though. What I do though is only use specific bank accounts when travelling....one with just enough back up cash and no more in case of compromise.
|
|
|
10-28-2019, 09:55 AM
|
#49
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Apr 2010
Posts: 5,912
|
We have used hotel wifi for the past nine years of travel. Africa, South America, Asia, Europe, NA. Never an issue. We only travel with ipads, no phone.
The two times we have had our cards compromised have been at home. We make a habit of checking our no FX fee credit card while traveling to ensure that it has not been compromised. There is always a first time though. What I do though is only use specific bank accounts when travelling....one with just enough back up cash and no more in case of compromise. We do not have much choice when we are on extended trips.
|
|
|
10-28-2019, 10:00 AM
|
#50
|
Thinks s/he gets paid by the post
Join Date: Aug 2017
Location: Champaign
Posts: 4,726
|
Quote:
Originally Posted by Splash
I try to only use our secured WIFI at home. If access away from home is needed, I use my phone directly or as a hotspot.
|
+1 IT person cautioned never use outside wifi for anything financial. I always lock my Lastpass outside of my wifi. I do what I"m told
__________________
"Do not go where the path may lead, go instead where there is no path and leave a trail."
Ralph Waldo Emerson
|
|
|
10-28-2019, 10:14 AM
|
#51
|
Thinks s/he gets paid by the post
Join Date: Aug 2017
Location: Champaign
Posts: 4,726
|
Quote:
Originally Posted by donheff
Looking up at the URL bar now I see this portion of my ER Forums session is not secure so that appears to be the case here.
|
I guess all we share here is safe and confidential?
__________________
"Do not go where the path may lead, go instead where there is no path and leave a trail."
Ralph Waldo Emerson
|
|
|
10-28-2019, 12:58 PM
|
#52
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2004
Location: Laurel, MD
Posts: 8,327
|
This is something I really don’t worry too much about. When I was traveling for work I was always using VPN. I don’t understand the risk wrt financial accounts that are not credit cards. I’m very unlikely to take any actions with an account that would not involve 2FA or another form of notification. Thanks to advice here I’ll definitely use cell data in the future.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
|
|
|
10-28-2019, 02:12 PM
|
#53
|
Full time employment: Posting here.
Join Date: Mar 2006
Posts: 524
|
I like to be careful, paranoid even, when using public WiFi. BUT...
Everyday there appear to be literally millions of unsophisticated users of public WiFi. Yet I never seem to hear any of the horror stories about public WiFi like I hear stories about email phishing, key loggers, and even SIM swapping. I can find plenty of stories touting the presumed risks of public WiFi but not actual instances of recent fraud. These stories do seem to sell a lot of VPN subscriptions and malware software. The warnings do not appear to be coming from banks or internet merchants. I'm inclined to believe that public WiFi is now reasonably safe for most uses. (I still wouldn't suggest entering credit card information on a random site that may not be using HTTPS.)
I'd be interested to hear of any actual and recent cases of fraud resulting from public WiFi use. There should be many thousands of such cases if all of the warnings are to be believed.
|
|
|
10-28-2019, 02:39 PM
|
#54
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2008
Location: No fixed abode
Posts: 8,765
|
Quote:
Originally Posted by Car-Guy
Been there many times (6 or 7 times I think) when I was working. There is nothing like attending a week+ long security conference (Blackhat/Defcon) in Las Vegas with all expenses paid (well almost all )
|
Especially since it's usually the same week as the AVN Adult Entertainment Expo. Nothing like putting a bunch of unsocialized nerds next door to a major porn convention.
ERD50, here's an interesting article if you're interested in nuts and bolts. They're trying to sell their services, but there's a lot if information in the article. https://news.netcraft.com/archives/2...m-attacks.html
As far as the people saying they've done it a million times with no issues, that's fine and true. Personally I don't think too many people are lurking waiting for innocent victims to log onto the hotel wifi. ANd 2FA helps a lot. But they really aren't very safe, and you never know when lightning will strike.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
|
|
|
10-28-2019, 02:51 PM
|
#55
|
Thinks s/he gets paid by the post
Join Date: Sep 2006
Posts: 1,396
|
Quote:
Originally Posted by harley
As far as the people saying they've done it a million times with no issues, that's fine and true. Personally I don't think too many people are lurking waiting for innocent victims to log onto the hotel wifi. ANd 2FA helps a lot. But they really aren't very safe, and you never know when lightning will strike.
|
Right. It's sort of like someone saying "I've been driving without using a seatbelt for years and I've never been injured, so it's safe."
|
|
|
10-29-2019, 10:28 AM
|
#56
|
Recycles dryer sheets
Join Date: Dec 2013
Posts: 174
|
I never use free wifi for banking or other secure transactions, but I have used my Verizon connection for bank transfers etc.
|
|
|
10-29-2019, 10:41 AM
|
#57
|
Thinks s/he gets paid by the post
Join Date: Nov 2011
Posts: 3,902
|
https does not encrypt metadata, meaning it leaks all sorts of information about you and the sites you access, though probably not your password. By gathering your metadata a hacker can learn much about you, perhaps enough information to impersonate you online.
|
|
|
10-29-2019, 11:09 AM
|
#58
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2004
Location: the City of Subdued Excitement
Posts: 5,588
|
Quote:
Originally Posted by donheff
I'm paranoid about this and never contact my financial institutions while on the road, But I have things set up so I don't need to. I would not be uncomfortable accessing banking over the cellular connection on my phone or via the phone's hotspot. If I ever run into a situation where it becomes critical to use public wifi I would risk it because I am confidant that my financial institutions use end to end https.
|
Same here.
__________________
I have outlived most of the people I don't like and I am working on the rest.
|
|
|
10-29-2019, 11:30 AM
|
#59
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2004
Location: Laurel, MD
Posts: 8,327
|
Quote:
Originally Posted by JustCurious
Right. It's sort of like someone saying "I've been driving without using a seatbelt for years and I've never been injured, so it's safe."
|
Not at all unless I’m REALLY missing something. Driving with no seatbelt will get you killed.
Maybe I’m naive. I do check on account activity and use billpay but don’t do much beyond that. Just about anything else involves 2FA or some other means of notification. The most important piece is to be alert to scam calls and emails.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
|
|
|
10-29-2019, 12:00 PM
|
#60
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2004
Location: Laurel, MD
Posts: 8,327
|
And I’ll add that checking balances daily is all part of detecting issues ASAP.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|