First Foreign WiFi

goodValue

This will  be the first time I've used internet devices abroad.
What is the current situation wrt WiFi security?

Have the financial companies made their systems secure enough to use in public WiFi places?

Do I need to take some precautions when I use a financial app?

Brie

Your problem may be with authorisations rather than anything else.  I can log into my accounts in other countries but if anything goes wrong or I need to set up a new payee it won't work as I can't use my mobile outside the UK (well I can but it's too too expensive) so I get a new sim & number each trip.  Of course I can't set this up with my bank in advance as I get the sim when I reach my destination and then can't use it to get through security.  

DullGreyGuy

Why do you think foreign wifi is any more or less secure than UK wifi? Ultimately any public wifi presents a certain level of risk and the country you're in is broadly irrelevant. 

There are millions of people that use public wifi frequently all over the globe including financial apps and never have a problem. There are others who say you should absolutely never connect to any wifi other than your home. Most people are on the spectrum somewhere between the two. 

Personally... I have VPN software for the purposes of being able to watch BBC iPlayer whilst overseas (or watch overseas TV (eg HBO Max) whilst in the UK). If I remember then I may turn on the VPN when using public wifi (uk or abroad) but most the time don't. VPN programmes secure the communications over the wifi but some apps will identify that the request is coming via VPN and block it because they cannot fully identify the user... don't know any UK banking apps that do this but its possible... I've had it with some non-financial apps (mainly as they want to enforce territorial limits)

goodValue

It was my understanding that WiFi is completely independent of your phone provider.
So if you use an app with WiFi on, it doesn't cost you anything.

Did you mean using a laptop to access a website that required a text message to login?
Would that not be free, or do some providers charge you to receive text messages when abroad?

TadleyBaggie

As long as the website is using HTTPS, everything is encrypted from your device to the server. 

400ixl

TadleyBaggie said:

As long as the website is using HTTPS, everything is encrypted from your device to the server. 

And? that doesn't mean a piggy in the middle attack has not happened on the local wifi.

Basically the location makes little difference, the most secure stance is do not do any financial activity on a public wifi unless you have a secure VPN running on your device.

400ixl

goodValue said:

It was my understanding that WiFi is completely independent of your phone provider.
So if you use an app with WiFi on, it doesn't cost you anything.

Did you mean using a laptop to access a website that required a text message to login?
Would that not be free, or do some providers charge you to receive text messages when abroad?

They are talking about where the application has 2 factor authentication set up. When you log in with a password it then sends a text message with a code that you then have to enter to login. If you are abroad you need to be able to receive these text messages to login.

Its the weakest of 2FA solutions, but better than just a password. If you don't have any that use this form of 2FA then not an issue or if you will be able to get text messages on the number they send it to abroad, then not an issue either.

goodValue

Why do you think foreign wifi is any more or less secure than UK wifi? Ultimately any public wifi presents a certain level of risk and the country you're in is broadly irrelevant. 

I don't use the internet that much, don't have home internet, and  library  usage serves most of my needs.
My thought was that abroad, it would be safer accessing an app on your phone, than relying on a computer in a cyber cafe.

goodValue

As long as the website is using HTTPS, everything is encrypted from your device to the server. 

Yes, I have read that before.
My original question was is there similar security measures when using an app on your phone, rather than a website.

goodValue

And? that doesn't mean a piggy in the middle attack has not happened on the local wifi.

I'm not experienced enough to know what this attack is, but could it also happen when you access a website with a desktop or laptop?

goodValue

They are talking about where the application has 2 factor authentication set up. When you log in with a password it then sends a text message with a code that you then have to enter to login. If you are abroad you need to be able to receive these text messages to login.

In my original post, I meant app as the programme you download onto a mobile phone.
AFAIK these do not use text messages, as the companies think the app is secure without them.
Does using these apps over WiFi then introduce extra security issues that have to be addressed