security on public wifi

Discussion of non-operating system issues related to iPods, iPhones, and the iPod Touch.
Post Reply
carabon1
Forum Member
Forum Member
Posts: 7
Joined: Sat Jun 04, 2011 5:20 pm

security on public wifi

Post by carabon1 » Thu Apr 26, 2012 10:23 am

I was reading an ad for VPN (virtual private network) service which was aimed at Mac type machines in that it was available for Lion OS. But I am hoping to use an iPod while traveling and wondered about security on it.
I just went to the app store looking for apps dealing with wifi security and came up empty handed. There are apps to find wifi locations and apps to encrypt your files, but nothing to provide security if you are using a public wifi system.

Is there any way to provide security so someone can't snoop your passwords while you are at Starbucks and want to check your email?

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1010
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: security on public wifi

Post by Richard Serkes » Thu Apr 26, 2012 11:09 am

Public WiFi is always a risk. If you take the time to read the agreement you have to accept the details will say that anything bad that happens is on you not the provider of the WiFi service. Can unscrupulous people capture your keystrokes? Under some circumstances the answer is yes.

This is why I use 1Password. There are no keystrokes to steal since the program fills in your username and password and then automatically connects you. No keystrokes means there's nothing to steal. You can get 1Password for iOS which works on iPads, iPhones, and the iPod Touch.

If you have your iPod Touch set up to automatically seek out your email and download it then there are no keystrokes to capture (i.e., no username or password) so your email should be safe.
---
Always burn your bridges. You never know who's coming up from behind.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3041
Joined: Thu Apr 07, 2011 10:09 am

Re: security on public wifi

Post by Stephen Hart » Thu Apr 26, 2012 2:47 pm

There's a lot of discussion of using public wifi on Macintouch.

In addition to Richard's suggestion of 1Password*, you can further protect yourself by, for example, sending sensitive text as an attachment that's a password-protected document.

*Note that you really, really need to protect your 1Password password for obvious reasons. And you also have to hope that 1Password doesn't have a security problem like the one that was just recently fixed in SplashID.
Last edited by Stephen Hart on Wed May 02, 2012 8:31 pm, edited 1 time in total.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

carabon1
Forum Member
Forum Member
Posts: 7
Joined: Sat Jun 04, 2011 5:20 pm

Re: security on public wifi

Post by carabon1 » Wed May 02, 2012 12:04 pm

First, Thank you for the reference to the app. I checked it out. But I am not sure how it can send a password to a cite without sending the password. In order to log in, a user name and password have to be sent. The fact that it is sent automatically doesnt change that. It just means that you the user don't see it happening. But I assume a sniffer would still see it.

carabon1
Forum Member
Forum Member
Posts: 7
Joined: Sat Jun 04, 2011 5:20 pm

Re: security on public wifi

Post by carabon1 » Wed May 02, 2012 12:12 pm

Just another note. I just looked at a review and advertising on 1password app. Yes, it says it doesnt type your password. But I still assume it is transmitted. Some how, some way. So I am not arguing with you about what you said, just that the app might be giving a false sense of security.

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1010
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: security on public wifi

Post by Richard Serkes » Wed May 02, 2012 2:51 pm

carabon1 wrote:First, Thank you for the reference to the app. I checked it out. But I am not sure how it can send a password to a cite without sending the password. In order to log in, a user name and password have to be sent. The fact that it is sent automatically doesnt change that. It just means that you the user don't see it happening. But I assume a sniffer would still see it.
The only thing an unscrupulous individual can see are your keystrokes. 1Password enters your username and password and then transmits them to the website WITHOUT any keystrokes on your part. So you're safe. The only thing to consider is that you have a master password for 1Password. That should be entered BEFORE you connect to a public WiFi hotspot or that information might be compromised. But all that would mean is if someone who was stealing your keystrokes also bopped you on your head and stole your iThing then he would be able to start up 1Password and get your usernames and passwords.

Of course, if someone bops you on the head and steals your iThing then you need to shut down everything immediately.
---
Always burn your bridges. You never know who's coming up from behind.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3041
Joined: Thu Apr 07, 2011 10:09 am

Re: security on public wifi

Post by Stephen Hart » Wed May 02, 2012 8:33 pm

Maybe I've got this all wrong, but I thought 1Password makes up a complex password on the fly for you. It doesn't transmit your password for 1Password.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1010
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: security on public wifi

Post by Richard Serkes » Wed May 02, 2012 9:52 pm

Stephen Hart wrote:Maybe I've got this all wrong, but I thought 1Password makes up a complex password on the fly for you. It doesn't transmit your password for 1Password.
You can either make up your own password which 1Password will remember and use or you can let it make up a password.

What I meant was malware that captures keystrokes could capture the 1Password password that opens and initializes 1Password. You wouldn't want the bad guys to have that. So if you "start up" 1Password before connecting to a public WiFi hotspot you would be safe. 1Password would be running before any WiFi shenanigans could take place.
---
Always burn your bridges. You never know who's coming up from behind.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests