When you are accessing a public network of any kind, most commonly the Wi-Fi networks of public areas such as airports and cafes, your browser’s connection to any site can easily be intercepted and your credentials compromised. The most vulnerable area is checking your web email or social networks such as Facebook, Twitter, and Myspace. Most of these sites are indeed secure and encrypted once you are logged in, but the log in page itself, the place where you enter your sensitive information, usually is not. That means you are a sitting target.
Fortunately there is a way to encrypt and secure your connection to all of your favorite sites before you log in. That way is “HTTPS.” Simply put when you visit one of these sites type in “https://” before the domain name instead of the usual “http://.” This will force your browser to engage in a secure, encrypted connection to the site before you enter in your credentials.
I’ve notice that my online bank has this type of connection by default, so I assume most financial institutions will too. But make sure yours has that little “s” there in the URL before proceeding.
Gmail also has the option of permanently using a secure connection under Settings>General>Browser Connection. You may not always want to have this setting on in Gmail for instance when you are in a private secure network, like at home, because you lose some features, but definitely make sure its on before you go out into the wild. Or instead of clicking that setting on and off, you can just type in HTTPS://mail.google.com and your browser will automatically force a secure connection before you enter your password. Paypal is another example of a site that should have https as its default browser connection upon login, but does not. It is secure once your inside but not on the log in page. Make sure you HTTPS it if you are in public.
Now you are free to take advantage of all those free wifi hot spots out there, feel secure and sleep well at night. Hope this helps
Comments? Love to hear your take or any other valuable information that you can provide.
credit: Steve Gibson of "Security Now"
a production in conjunction with the TWIT Network, a podcast definitely
worth subscribing and listening to regularly.
Subscribe to it HERE on Itunes.
Related:
Ever had this happen? It’s quite a shock and a lot of dismay. Today when I went to sites I visit often I noticed the Username and Password field weren’t automatically filled out like normal. So I went to the password manager in Chrome and everything had disappeared! Well I found a solution HERE on a Google Groups discussion board. It seems to have worked.