-
Is it safe to enter credit card info on public WiFi?
How big is the risk?
Time and time again you’ve been told that public WiFi hotspots or compromised routers will get your credit card numbers and banking info stolen. However, such risks have been overly hyped.
We agree that public, open WiFi networks totally cannot be trusted. And that compromised routers can be used to wiretap all your communications. But we’d also say that in most cases your credit card numbers and banking info are pretty safe, even with someone watching all of your communications over the wire.
Why? The keyword is HTTPS.
The HTTPS protocol encrypts messages sent between your device and the server and ensures end-to-end transport security. What that means is that people can look at the messages exchanged between your device and the server, but all they see is random bytes. They cannot extract useful information out of the stream of bytes flowing through.
How do you know that HTTPS is being used? Simply check the green lock on the left of the URL address bar.
Who’s using HTTPS? Google, Facebook, Instagram, your bank, your credit card company, your company’s payroll, your insurance company, your ISP’s web site, even YouTube and Vimeo! Basically, almost every web site that matters.
So what’s all the fuss about your personal information being stolen? Well, there’s a small possibility that you might have mistyped your bank’s URL, and the mistyped URL happens to be a website created by some bad guy, and it serves a valid SSL certificate that matched the mistyped domain name. There’s also a possibility that a bad guy redirected you to a plain HTTP URL (a technique called sslstrip).
You should be pretty safe if you:
- Check for the HTTPS green lock icon.
- Do not click through when you see a certificate warning.
- Make sure you typed in the URL correctly (if you’ve visited the site before, the browser will prepopulate the address bar with the previous address).
What about your shared folders?
You might have seen the suggestion that you should remember to turn off Windows Network Discovery and file sharing when you connect a Windows PC to a public WiFi hotspot. But Windows has already figured it out for you. When you connect to a new WiFi network, Windows will ask you if the connection is Public, Home, or Work.
When you connect to a public WiFi, you should choose Public. And when Pubic is chosen, Windows automatically turns off file sharing.
What about apps on your smart phone?
For apps on your smartphone, there’s no green lock to look at so there’s no sure way to tell if an app is using HTTPS/SSL encrypted communication behind scenes. If you are really cautious, you should not connect your smartphone to public WiFi hotspots.
Even so, we speak with high confidence that security sensitive apps (such as your bank’s) will not use insecure communication protocols when talking back to servers. Therefore, you should be safe using your bank’s app, even on a public WiFi connection. Ask the app developer if you wan to be sure.
If you use the pcWRT router, there’s a simple way to check out if there are insecure apps on your smartphone. Here’s how:
- Connect the phone to the pcWRT router WiFi. Find it on the Status page and give it a name.
- Put the phone in a profile with Access Control turned on.
- Use the app you want to check out.
- Open the Access Control logs, click on the device name.
- Switch to Raw mode.
- Click on the links under the Port column to reveal the first 15 bytes sent over the connection.
Does a VPN help?
Certainly. Connecting to a VPN is the easiest way to make sure you have a secure connection at all times. Remember though, with a VPN connection you are simply shifting your trust to the VPN service provider. Make sure you pick a trustworthy VPN service.
With the pcWRT router, you can easily set up a VPN server at home and connect to it when you are away from home. In our opinion this is the best solution. Not only you solve the trust problem with a VPN server under you control, it’s also free!
WireGuard® is the easiest to setup. But you can also use IKEv2 and OpenVPN if you prefer.
* WireGuard® is a registered trademark of Jason A. Donenfeld.
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
The FTC site provides very accurate info on this topic: https://www.consumer.ftc.gov/articles/0014-tips-using-public-wi-fi-networks