Page 1 of 1

security on public wifi

Posted: Thu Apr 26, 2012 10:23 am
by carabon1
I was reading an ad for VPN (virtual private network) service which was aimed at Mac type machines in that it was available for Lion OS. But I am hoping to use an iPod while traveling and wondered about security on it.
I just went to the app store looking for apps dealing with wifi security and came up empty handed. There are apps to find wifi locations and apps to encrypt your files, but nothing to provide security if you are using a public wifi system.

Is there any way to provide security so someone can't snoop your passwords while you are at Starbucks and want to check your email?

Re: security on public wifi

Posted: Thu Apr 26, 2012 11:09 am
by Richard Serkes
Public WiFi is always a risk. If you take the time to read the agreement you have to accept the details will say that anything bad that happens is on you not the provider of the WiFi service. Can unscrupulous people capture your keystrokes? Under some circumstances the answer is yes.

This is why I use 1Password. There are no keystrokes to steal since the program fills in your username and password and then automatically connects you. No keystrokes means there's nothing to steal. You can get 1Password for iOS which works on iPads, iPhones, and the iPod Touch.

If you have your iPod Touch set up to automatically seek out your email and download it then there are no keystrokes to capture (i.e., no username or password) so your email should be safe.

Re: security on public wifi

Posted: Thu Apr 26, 2012 2:47 pm
by Stephen Hart
There's a lot of discussion of using public wifi on Macintouch.

In addition to Richard's suggestion of 1Password*, you can further protect yourself by, for example, sending sensitive text as an attachment that's a password-protected document.

*Note that you really, really need to protect your 1Password password for obvious reasons. And you also have to hope that 1Password doesn't have a security problem like the one that was just recently fixed in SplashID.

Re: security on public wifi

Posted: Wed May 02, 2012 12:04 pm
by carabon1
First, Thank you for the reference to the app. I checked it out. But I am not sure how it can send a password to a cite without sending the password. In order to log in, a user name and password have to be sent. The fact that it is sent automatically doesnt change that. It just means that you the user don't see it happening. But I assume a sniffer would still see it.

Re: security on public wifi

Posted: Wed May 02, 2012 12:12 pm
by carabon1
Just another note. I just looked at a review and advertising on 1password app. Yes, it says it doesnt type your password. But I still assume it is transmitted. Some how, some way. So I am not arguing with you about what you said, just that the app might be giving a false sense of security.

Re: security on public wifi

Posted: Wed May 02, 2012 2:51 pm
by Richard Serkes
carabon1 wrote:First, Thank you for the reference to the app. I checked it out. But I am not sure how it can send a password to a cite without sending the password. In order to log in, a user name and password have to be sent. The fact that it is sent automatically doesnt change that. It just means that you the user don't see it happening. But I assume a sniffer would still see it.
The only thing an unscrupulous individual can see are your keystrokes. 1Password enters your username and password and then transmits them to the website WITHOUT any keystrokes on your part. So you're safe. The only thing to consider is that you have a master password for 1Password. That should be entered BEFORE you connect to a public WiFi hotspot or that information might be compromised. But all that would mean is if someone who was stealing your keystrokes also bopped you on your head and stole your iThing then he would be able to start up 1Password and get your usernames and passwords.

Of course, if someone bops you on the head and steals your iThing then you need to shut down everything immediately.

Re: security on public wifi

Posted: Wed May 02, 2012 8:33 pm
by Stephen Hart
Maybe I've got this all wrong, but I thought 1Password makes up a complex password on the fly for you. It doesn't transmit your password for 1Password.

Re: security on public wifi

Posted: Wed May 02, 2012 9:52 pm
by Richard Serkes
Stephen Hart wrote:Maybe I've got this all wrong, but I thought 1Password makes up a complex password on the fly for you. It doesn't transmit your password for 1Password.
You can either make up your own password which 1Password will remember and use or you can let it make up a password.

What I meant was malware that captures keystrokes could capture the 1Password password that opens and initializes 1Password. You wouldn't want the bad guys to have that. So if you "start up" 1Password before connecting to a public WiFi hotspot you would be safe. 1Password would be running before any WiFi shenanigans could take place.