Good Sam Community

I use Quicken to manage my accounts. I do not worry about transmitting transactions even over open public networks. Quicken encrypts the data before it goes on the network. They claim it is bank level encryption. Have been doing this for cash flow management since 2003 when the only access was to carry the computer to the cg office and plug into the modem line (I watched people pack a desktop machine and monitor to the office!). I have not been hacked YET! When I access my bank directly I make sure to verify that the https: shows in the address bar. 128 bit encryption will take just a bit of computer power and a year or two to break. No worries!

Most my bills are set up with autopay. Generally no reason to log on. Email says how much and when.

I avoid Chase at any cost.

Also I would recommend having a plan in place if your mobile device is stolen, lost, misplaced. Treat it like a lost wallet, call your bank and get them to disable access, force a password reset or the like. Same for any other services you routinely access on the device (web mail, etc).

braindead0 wrote:
HTTPS is mostly secure. However running over a public wifi hotspot is risky, and if your device is configured to allow auto proxy discovery then you are at risk for a couple of fairly new key discovery techniques that can expose your login information and traffic. A lot depends on how good your bank security folks are and how trustworthy the WIFI operators is.

Password protected WIFI does nothing to protect user data, it's strictly a means of access control.

There are several options that can help assure your security, SSH tunnel to a known safe server, good VPN service, TOR. However all of these require proper configuration and good security practices on your end.

I would recommend paying bills on AT&T and only using public WIFI for browsing, email, things that IF someone was able to access it wouldn't mean an empty bank account. AT&T should have their 'stuff' together, and the risk of rogue proxy or MITM attacks should be minimal.

+if your bank offers it, opt in for 2 factor authentication; if they don't, switch banks! i have that with Chase. every time i use a different computer or something about the computer changes, i get a txt message with an additional code to enter before accessing the bank accounts. just another layer of security.

braindead0 wrote:
HTTPS is mostly secure. However running over a public wifi hotspot is risky, and if your device is configured to allow auto proxy discovery then you are at risk for a couple of fairly new key discovery techniques that can expose your login information and traffic. A lot depends on how good your bank security folks are and how trustworthy the WIFI operators is.
Password protected WIFI does nothing to protect user data, it's strictly a means of access control.

There are several options that can help assure your security, SSH tunnel to a known safe server, good VPN service, TOR. However all of these require proper configuration and good security practices on your end.

I would recommend paying bills on AT&T and only using public WIFI for browsing, email, things that IF someone was able to access it wouldn't mean an empty bank account. AT&T should have their 'stuff' together, and the risk of rogue proxy or MITM attacks should be minimal.

I concur. Public Wifi should be assumed to be monitored by those with malicious intent. If you are forced to use public wifi for banking or the like on a regular basis, you may want to look into a VPN service. It won't eliminate the potential to be hacked, but it will reduce it to the risk level of a cell connection/hotspot or your home internet.

(IT security guy here, btw..)

maddawg46 wrote:
So looks like I'm good to go. I'll just always pay with my AT&T data plan, and not use wifi on the road.

You are good with that plan. The only time I ever use a public WiFi network is if my Verizon 4G isn't available. And then if I were on WiFi I wouldn't be using my bank accounts or any other confidential type stuff.

2oldman wrote:

maddawg46 wrote:
then why do I need some additional security device.

You don't, you're fine. Using a hot spot is no different from what you're doing. Been doing this for years.

X2. no worries.

So looks like I'm good to go. I'll just always pay with my AT&T data plan, and not use wifi on the road.

We have been paying everything on line for over 5 years. The bank provides the security. Many people do have hotspots that look to be unprotected, but just click on them to try to connect and you will find you do need a password.

If your tablet device is directly connected to the AT&T network you are not using WiFi hotspot and you don't need to create one. The phone company's wireless data connection is more secure than even WiFi because of channel cycling in addition to encryption.

Folks doing their own hotspot are doing it for better security than a public hotspot.

No worries! My wife pays all our bills from our I-Pad even if were not on the road. We have never had a problem and were on AT&T (no contract when were on the road) and were on Verizon at home.

HTTPS is mostly secure. However running over a public wifi hotspot is risky, and if your device is configured to allow auto proxy discovery then you are at risk for a couple of fairly new key discovery techniques that can expose your login information and traffic. A lot depends on how good your bank security folks are and how trustworthy the WIFI operators is.

Password protected WIFI does nothing to protect user data, it's strictly a means of access control.

There are several options that can help assure your security, SSH tunnel to a known safe server, good VPN service, TOR. However all of these require proper configuration and good security practices on your end.

I would recommend paying bills on AT&T and only using public WIFI for browsing, email, things that IF someone was able to access it wouldn't mean an empty bank account. AT&T should have their 'stuff' together, and the risk of rogue proxy or MITM attacks should be minimal.

2oldman wrote:

maddawg46 wrote:
then why do I need some additional security device.

You don't, you're fine. Using a hot spot is no different from what you're doing. Been doing this for years.

I agree with this.

I also find it convenient to have almost everything go to my credit card automatically or have auto bank draft to a special account that I set up for utility bills (they will not use credit cards). The bank transfers a small fixed amount just enough to cover those to that special account for me each month. My utility bills are averaged (budget billing they call it) so I always know how much they will be. Most odd bills can be put on credit card by a phone call. I pay my credit card with an online transfer and I am done.