
How do you protect or setup your e-mails for banking purposes?

What are you asking about exactly?

Email is inherently flawed, which is why EMIs and banks usually don't send anything sensitive via email.

While using Protonmail, Tutanota, Criptext, or other encrypted email service can increase your email security (especially if you are emailing other users of the same service, or use PGP), they don't help you avoid the fundamental insecurities with email.
 
From a technical perspective?

You're only as safe as the weakest link in your chain.

Make sure you are using the latest security updates of whatever device and software you have. Choice of operating system (for your phone and for your laptop) can also be a factor.

Use strong passwords and enable two-factor authentication (2FA) wherever possible. Avoid 2FA via SMS because it leaves you vulnerable to SIM cloning.

Use a password manager to make sure your passwords are long and complex. If you want to go all the way, consider one with YubiKey support to enable 2FA of your password manager: Yubico | YubiKey strong two factor authentication

Some free options:
KeePassXC: KeePassXC Password Manager Based on KeePass and KeePassX. There are KeePass apps for Android and iOS, too.
Bitwarden: Open Source Password Management Solutions | Bitwarden

Look at PrivacyTools (PrivacyTools - Encryption Against Global Mass Surveillance) for information about how to improve your privacy, which might also affect security by reducing risk of exposure to malicious scripts and trackers.

Avoid public Wi-Fi networks, especially if they are not encrypted.

In most cases, VPN doesn't add anything for security, unless you are in an ultra repressive country like China. But if you find yourself in an airport lounge with no 4G coverage and a dodgy Wi-Fi, a good and trusted VPN is better than no VPN.
What is the problem with using public unencrypted Wi-Fi as long as your traffic is SSL?
Thanks a lot! Let me ask a few questions.
1. What can you use as a replacement for 2FA with SMS?
2. How do you trust password managers? (Unless you compile the source code yourself)
3. Popular VPNs have features like these: data encryption (AES-128), data authentication (GCM), handshake (RSA-2048) and HTTPS port for connection. These won't keep you safe?
4. How safe is using your mobile hotspot with your computer in public?
1. Google Authenticator, Authy
2. I don't know either lol.
3. The VPN's HTTPS feature only protects you from an HTTP connection accidentally made by the website. However, if your original traffic is not SSL (not HTTPS) you are open to a man-in-the-middle attack by your VPN provider.
4. As safe as your mobile device is. If it doesn't get hacked, then you are good.
 
MITM attack is prevented by data encryption, authentication and the handshake. No?
You are talking about SSL between the VPN and your machine. There is another SSL under this VPN SSL. Two SSL layers on top of each other. Basically nothing stops your VPN from performing MITM on you if you don't have underlying SSL encryption (under the SSL given by the VPN provider).
 
What is the problem with using public unencrypted Wi-Fi as long as your traffic is SSL?
Almost none. Probably just an old fear from when it was easier to spoof certificates.

1. What can you use as a replacement for 2FA with SMS?
2. How do you trust password managers? (Unless you compile the source code yourself)
3. Popular VPNs have features like these: data encryption (AES-128), data authentication (GCM), handshake (RSA-2048) and HTTPS port for connection. These won't keep you safe?
4. How safe is using your mobile hotspot with your computer in public?
1. As mentioned, Authy and Google Authenticator are among the most popular.

2. Trust is ultimately a personal choice. I tend to trust popular open source projects with many contributors and widespread usage among technically minded people more than closed-source products. I'd rather use KeePass or Bitwarden over Dashlane or LastPass.

3. Think of VPN as nothing more than a way to watch Netflix from other countries and, possibly, improve your personal privacy. I don't mean to imply that VPNs are bad. But they do not in most cases make your internet experience any safer.

4. It depends on what encryption your hotspot uses but if it's any modern phone, chances are it'll be just as safe as using your phone directly.

Some phones don't rotate the password very often so, just as a precaution, make sure you change your hotspot password every once in a while.
Not sure if this is the right category but wanted to ask.
The first question you should ask is - who is your enemy? And then adjust your opsec appropriately.

Are you perhaps worried about...
- someone logging into your email and reading sensitive data
- someone sending you (or your colleagues) malicious links to spyware, ransomware etc.
- your email being abused for something like social engineering or CEO fraud
- government subpoenaing the email provider and getting your data
- reliability and accessibility of the service in all circumstances

Your questions
1) probably everything is better than SMS (physical token, Google Authenticator, bank app, Authy)

2) there are some desktop open-source ones if you are paranoid

3) you can never be sure so use HTTPS always on, and also including DNS over TLS, which can be the biggest vulnerability. For VPN, always use anonymous account details and pay anonymously. If you don't trust VPN, use Tor.
Unfortunately some countries (think Kazakhstan, UAE...) possibly have access to certificate authorities so they can fake your connection destination and do a MITM attack even over HTTPS without you noticing. This is however very high profile stuff, e.g. if you are a dissident or enemy of the state.

4) use a strong password and don't name your hotspot with a name that is connected to you.

If you are paranoid, read e.g. the book from Edward Snowden, in one chapter he writes about how he used the internet when his enemy was the NSA and he couldn't afford to make a mistake.