Do you change your passwords after using a public wi-fi connection?

[ARCHIVED THREAD] - Do you change your passwords after using a public wi-fi connection?

Posted: 10/29/2013 9:30:29 AM EDT

Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?

Posted: 10/29/2013 9:31:46 AM EDT

[#1]

Why would you connect to public Wi-Fi? Do you also fuck prostitutes?

Posted: 10/29/2013 9:32:01 AM EDT

[#2]

Do you even SSL, bro?

Posted: 10/29/2013 9:43:05 AM EDT

[#3]

Quote History

Quoted:
Do you even SSL VPN, bro?

View Quote

FIFY

Posted: 10/29/2013 9:45:47 AM EDT

[#4]

I change my passwords after I use my home wi-fi network. You can't be too careful.

Posted: 10/29/2013 10:02:17 AM EDT

[#5]

Quote History

Quoted:

FIFY

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
Do you even SSL VPN, reverse SSH tunnel + squid proxy bro?

FIFY

Posted: 10/29/2013 10:03:22 AM EDT

[#6]

just buy a new computer after every time

Posted: 10/29/2013 10:04:12 AM EDT

[#7]

I don't log into anything important over a public connection without a VPN established.

Posted: 10/29/2013 10:04:46 AM EDT

[#8]

I usually just rub a USB cord along my taint and tell myself it will all be ok

Posted: 10/29/2013 10:07:26 AM EDT

[#9]

I just tether to my phone.

Posted: 10/29/2013 10:14:59 AM EDT

[#10]

Quote History

Quoted:
I don't log into anything important over a public connection without a VPN established.

View Quote

What about the password for the VPN?

Posted: 10/29/2013 11:59:03 AM EDT

[#11]

Quote History

Quoted:

What about the password for the VPN?

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

If they got that just from me logging onto their hotspot, I got far bigger problems than individual site passwords.

Posted: 10/29/2013 6:37:44 PM EDT

[#12]

Quote History

Quoted:
I don't log into anything important over a public connection without a VPN established.

View Quote

what do you consider non-important....?

Posted: 10/29/2013 6:39:09 PM EDT

[#13]

I don't connect to public wifi.

Posted: 10/29/2013 6:42:03 PM EDT

[#14]

I don't ever use the internet.

Posted: 10/29/2013 6:43:11 PM EDT

[#15]

Quote History

Quoted:

If they got that just from me logging onto their hotspot, I got far bigger problems than individual site passwords.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

If they got that just from me logging onto their hotspot, I got far bigger problems than individual site passwords.

+ 1

I VPN whenever I am away from home. Is it possible to snatch my VPN info? Maybe, but it is an acceptable risk to ensure I can browse freely. My VPN connects to nothing but internet. By default it can't see anything else on my network. Of course this is because when I am away from home there isn't anything else on my network

Posted: 10/29/2013 6:45:21 PM EDT

[#16]

What is everyone using for a VPN?

Posted: 10/29/2013 6:45:39 PM EDT

[#17]

What's VPN?

Posted: 10/29/2013 6:50:18 PM EDT

[#18]

Quote History

Quoted:
What's VPN?

View Quote

Virtual Private Network

Posted: 10/29/2013 6:54:28 PM EDT

[#19]

I don't use public wifi.

Posted: 10/29/2013 7:11:16 PM EDT

[#20]

what is Wi-Fi?

Posted: 10/29/2013 7:27:01 PM EDT

[#21]

Quote History

Quoted:
What is everyone using for a VPN?

View Quote

I use one of these:

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Posted: 10/29/2013 7:28:51 PM EDT

[#22]

Quote History

Quoted:

What about the password for the VPN?

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.

google CHAP, for example.

ar-jedi

Posted: 10/29/2013 7:29:08 PM EDT

[#23]

Quote History

Quoted:
What is everyone using for a VPN?

View Quote

http://www.ar15.com/forums/t_1_124/1522299_Personal_VPN.html&page=2#i42350304

ar-jedi

Posted: 10/29/2013 7:30:27 PM EDT

[#24]

Quote History

Quoted:

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.

google CHAP, for example.

ar-jedi

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.

google CHAP, for example.

ar-jedi

There are some people dumb enough to set up their vpn authorization in the clear

Posted: 10/29/2013 7:30:36 PM EDT

[#25]

Quote History

Quoted:

I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
What is everyone using for a VPN?

I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Thanks. That looks like a nice router. That lets you VPN through your home router from any internet connection? I thought most people were using a VPN server somewhere offsite in order to hide info on their browsing habits.

Posted: 10/29/2013 7:31:36 PM EDT

[#26]

Quoted:
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?

View Quote

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi

Posted: 10/29/2013 7:32:30 PM EDT

[#27]

Quote History

Quoted:

There are some people dumb enough to set up their vpn authorization in the clear

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.
google CHAP, for example.
ar-jedi

There are some people dumb enough to set up their vpn authorization in the clear

i think that you have to work hard to end up with such a configuration.

ar-jedi

Posted: 10/29/2013 7:33:16 PM EDT

[#28]

Quote History

Quoted:

http://www.ar15.com/forums/t_1_124/1522299_Personal_VPN.html&page=2#i42350304

ar-jedi

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
What is everyone using for a VPN?

http://www.ar15.com/forums/t_1_124/1522299_Personal_VPN.html&page=2#i42350304

ar-jedi

Thanks. I found the information I was looking for in a post there.

Posted: 10/29/2013 7:34:59 PM EDT

[#29]

Quote History

Quoted:

Thanks. That looks like a nice router. That lets you VPN through your home router from any internet connection? I thought most people were using a VPN server somewhere offsite in order to hide info on their browsing habits.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
What is everyone using for a VPN?

I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Thanks. That looks like a nice router. That lets you VPN through your home router from any internet connection? I thought most people were using a VPN server somewhere offsite in order to hide info on their browsing habits.

Right. I use it when I'm on public wifi to A) prevent, or seriously hinder snooping attempts, and B) get around internet filtering.

Posted: 10/29/2013 7:37:56 PM EDT

[#30]

Quote History

Quoted:
I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.

A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:

What is everyone using for a VPN?

I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.

A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Nice. Have you checked out the RTAC68U?

Posted: 10/29/2013 7:39:59 PM EDT

[#31]

Quote History

Quoted:

Nice. Have you checked out the RTAC68U?

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
What is everyone using for a VPN?

I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Nice. Have you checked out the RTAC68U?

Just looked up the specs. That thing is insane.

Posted: 10/29/2013 7:44:14 PM EDT

[#32]

Quoted:

Quoted:
Do you even SSL VPN, bro?

View Quote

FIFY

View Quote

VPN FTW.

But I voted only generic sites as I don't log into any accounts outside trusted sources.

I have my router/firewall locked down to SSH/VPN by source IP dynamically, and today I had a bad day as I forgot a DNS account password to update a dynamic remote IP from location I haven't used in months. Finally figured it out and updated to new IP, my router resolves every 15 minutes, GTG.

PuTTY and dynamic tunnel/socks5 if you don't want to setup VPN. Make sure to enable network.proxy.socks_remote_dns (in FireFox, at least) as well.

Also, I ran dd-wrt on a consumer fancy-gear appliance for quite awhile; it works, but sucks. Different layout then most Linux OS. Iptables sucks anyways. OpenBSD PF please.

ETA: Biggest problem with dd-wrt and most consumer NAT routers in the past has been NAT port-forwarding bug. Get enough ports forwarding and it starts sending outside ports to the wrong inside ports. They have kept trying to fix it, but it keeps coming back. Even if they have it fixed solid now, I have no use for their inferior OS.

Posted: 10/29/2013 7:44:40 PM EDT

[#33]

Quote History

Quoted:

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi

OK, but if I understand this system as you describe it, there is a smartphone involved to "dial up" your home network...right?..What if I'm using a laptop...would I have to get some kind of 3G card or something?

Posted: 10/29/2013 7:49:02 PM EDT

[#34]

Quote History

Quoted:

OK, but if I understand this system as you describe it, there is a smartphone involved to "dial up" your home network...right?..What if I'm using a laptop...would I have to get some kind of 3G card or something?

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi

OK, but if I understand this system as you describe it, there is a smartphone involved to "dial up" your home network...right?..What if I'm using a laptop...would I have to get some kind of 3G card or something?

Your laptop should be able to connect to a VPN.

Google this:

Set up VPN (insert your operating system here)

Posted: 10/29/2013 7:49:32 PM EDT

[#35]

Can someone give a serious answer to a non-computer professional?

Is it very bad to use passwords on a public wifi?

I travel all the time, and I've been doing it for more than a decade. Do I need to quit cold turkey.

Can someone on a public wifi steal all your info, or just the passwords you type in?

Posted: 10/29/2013 7:52:47 PM EDT

[#36]

Quote History

Quoted:
Can someone on a public wifi steal all your info, or just the passwords you type in?

View Quote

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi

Posted: 10/29/2013 7:58:37 PM EDT

[#37]

I only use public wifi with an Ipad so it shouldn't affect me, right?

Posted: 10/29/2013 8:00:49 PM EDT

[#38]

Quote History

Quoted:
I only use public wifi with an Ipad so it shouldn't affect me, right?

View Quote

That depends on how much you value your information.

Anything sent on a public wireless connection can be intercepted by anyone else connected to it.

Or by a router set up as a repeater and doing the whole man in the middle thing.

Posted: 10/29/2013 8:01:24 PM EDT

[#39]

Quote History

Quoted:
I don't ever use the internet.

View Quote

Posted: 10/29/2013 8:01:39 PM EDT

[#40]

Quote History

Quoted:
I only use public wifi with an Ipad so it shouldn't affect me, right?

View Quote

why do you think this?

ar-jedi

Posted: 10/29/2013 8:06:11 PM EDT

[#41]

Quote History

Quoted:

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
Can someone on a public wifi steal all your info, or just the passwords you type in?

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi

OK, so if I sign into Amazon, it's using their HTTPS log on, so I should be safe...right?

Posted: 10/29/2013 8:06:25 PM EDT

[#42]

Quote History

Quoted:
What is everyone using for a VPN?

View Quote

OpenVPN here.

Posted: 10/29/2013 8:12:11 PM EDT

[#43]

Quote History

Quoted:
OK, so if I sign into Amazon, it's using their HTTPS log on, so I should be safe...right?

View Quote

that's the general idea, yes. only pages, and page elements, using https are encrypted end-to-end and ideally not recoverable by someone sniffing in the middle.

note that there are firewall/security products that can sniff SSL-protected sessions (https://...), but these are usually out of the budget range of your typical Starbucks. these sorts of https gateways are typically employed by corporations to keep their employees in check, prevent intellectual property leaks, and "other".

ar-jedi

Posted: 10/29/2013 8:46:18 PM EDT

[#44]

Quoted:

Quoted:
Can someone on a public wifi steal all your info, or just the passwords you type in?

View Quote

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi

View Quote

OK, so if I sign into Amazon, it's using their HTTPS log on, so I should be safe...right?

View Quote

I'm too drunk/tired to cite right now, but the tech is out there to Man-in-the-middle attack encryption schemes in transparent proxy devices. Mostly service providers (NSA) or employers and not random hackers. You have to be able to trust your Internet providers. It would be safer to encrypt any message before transmission, and exchange keys in person. Dammit, I tried briefly and can't find anything, censored or drunk?

Anyways, it's secure enough for most uses. If any nefarious use becomes of your secure Internet ordering, like my first BCG at WMD

, it's most likely because someone hacked their server and caught everything after it was decrypted. Not likely at Amazon.

[ARCHIVED THREAD] - Do you change your passwords after using a public wi-fi connection?

General » General Discussion

Warning

Confirm Action

About AR15.COM

Stay Connected

Newsletter

Contact Us