Is it safe to bank online with wifi?

Chadsman

Is it safe to use online banking with wifi?
...and what security software would anyone suggest- macafee, norton...?
:beer:

giraffe69

It's a bit more risky than doing it with a wired line. Run a decent AV e.g Avast, have something like Malwarebytes also, make sure your firewall is active and ensure you sign out properly.

macman

Not if you have secured your wi-fi properly with a minimum of WPA encryption, which hopefully you have already done.
McAfee is dire-use a decent AV such as Avast, Avira or MSE.
And Kaspersky is free with Barclays online banking.

kwikbreaks

Your own wifi properly secured yes.

Known provider public free probably not

Unknown provider wifi (ie chanced upon open router) almost certainly not.

esuhl

With wifi, one vulnerability is the connection security (ideally you'll want to use WPA or WPA2 encryption). WEP is trivially easy to crack; WPA can be cracked, but takes a long time, so it's not the sort of thing an opportunist would do, so much less likely to happen. The only way to reduce the risk further would be to us a long password of random characters and change it frequently.

The other vulnerability is in inadvertently connecting to a rogue network. Someone could set up a network nearby with the same name as yours and hope you log on to it by mistake. They could intercept your request for https://www.mybank.com and present you with a fake page that recorded your login details.

So as long as your close neighbours aren't too dodgy and you don't have any suspicious characters lurking in the bushes, using WPA or WPA2 (better) encryption on your router should be enough.

Whether you're using wifi or not, it's best not to click links to your bank in emails or web pages (as they can be faked and direct you to rogue sites), and make sure that from the point your prompted to log in, the web address begins "https://". That way no one can eavesdrop on your connection.

chunter

http://en.wikipedia.org/wiki/Wireless_LAN_Security.
In 2005, the FBI was able to crack WEP in 3 minutes with a couple of bits of open source software.
I'd imagine it'd take a lot less time now.

http://www.bbc.co.uk/blogs/watchdog/2009/10/wifi_hot_spots_not_secure.html
I'd also stay away from Open Access Points. Non https pages can be instaneously displayed on other users screens using a bit of open source software.

stkmgr

If the connection is HTTPS which is SSL 128 Encryption the data packets you are transmitting through the air are not readable by hackers using packet sniffing tools. If your machine is infected with malware or has a key-logger installed this is another issue.

esuhl

stkmgr wrote: »

If the connection is HTTPS which is SSL 128 Encryption the data packets you are transmitting through the air are not readable by hackers using packet sniffing tools. If your machine is infected with malware or has a key-logger installed this is another issue.

It doesn't have to be SSL 128-bit encryption. 256-bit encryption would be more secure.

Also, wouldn't it be possible to set up a rogue access point to present a local HTTP file using SSL and intercept the entered data - i.e. the SSL connection would exist between the client and access point, rather than the client and the bank's web server...?

debitcardmayhem

I would set up DNS resolution to use 8.8.8.8;8.8.4.4 or opendns or even your own ISP's dns(yuk)
However I have my own USB stick with systemrescuecd (modified for DNS and Host file including my Banks's IPs) there is no easy way to use a proxy in between.

free4440273

it's safe if u are encrypted -- as well as the banking site -- / i would always choose to use Ethernet cable if i had the choice though.

Gillor

free4440273 wrote: »

it's safe if u are encrypted -- as well as the banking site -- / i would always choose to use Ethernet cable if i had the choice though.

http://www.youtube.com/user/scamplots#p/u/11/jqic_aY3TqQ