Do I need a VPN when entering passwords via apps, on a public wifi?

So as far as I know it is very recommended to use a VPN when connected to a public wifi, especially when entering sensitive information. I’ve been doing so so far, but only when entering sensitive information via browser. My question is: do I need to use a VPN when entering passwords via apps, like Bitwarden or email clients?

HTTPS makes your connection secure.

Not VPN related, but I would say with modern browsers you are much more likely to leak information via poorly written/implemented apps than in a browser. I’ve seen some really bad “roll your own” encryptions or just plain text transmission built into apps. It’s why a lot of apps use Facebook/Google/Apple login and are generally better for it. While those aren’t great for privacy (and I avoid using them), they are usually much better login methods than what that dev would have hastily thrown together.

VPNs mostly protect you from ISP snooping nowadays. MitM attacks are less of a concern on shared networks than they used to be because of the changes made to default OS and network configs now that they’ve been more generally known. Hopefully more public wifi has some client isolation and devices have a lot harder time seeing each other on networks that don’t require it as well.

So, I’m not sure what your “need” for a VPN is, but protecting passwords really isn’t something they do. Password reuse is a much bigger concern than MitM and a password manager and changing passwords “often” would serve you better for password protection. https://haveibeenpwned.com/FAQs is a good place to get to know more about what to worry about around your passwords.

At least with browsers, we can see if HTTPS is being used. With apps we can’t tell if they are even encrypting at all, so enabling the VPN is a good idea.

In the HTTPS era MITM attacks aren’t as dangerous as they used to be. Yet a trustworthy VPN is never a bad idea. But if you want to make your accounts more secure, first of all use a password manager (Bitwarden is a good choice), and use a unique password for it; it’s more crucial.

Since a MTM attack is so easy to pull off, as is a sniffing attack

I’d say it’s a good idea

Get a password manager and keep your passwords safe(r) that way. Make randomly generated passwords. Yes, use a VPN for everything, not necessarily for passwords.

Neither of those things really addresses your question as much as they are just good inter-webs hygiene.

I assume they do, but how do you know if an app like a bank app or whatever is using a secured connection?

Ok then. I thought HTTPS was still not that safe, so that I needed a VPN when entering passwords.

Ye, my need in this question is protection from MitM attacks. Apps I use (that need login) are pretty much Bitwarden and Tutanota. So I don’t think they’re poorly written.

Okay. But someone above said that apps I use are encrypted, so ye. But I’ll be using a VPN if someday I’ve got to install apps that I don’t know whether they’re encrypted or not.

I thought HTTPS was not that safe. So actually I don’t need a VPN when entering passwords on an HTTPS site?

Of course I always use a VPN whenever I don’t want my ISP to see what sites I visit.

Ye, thanks, I’ve been using a pass manager all this time. I didn’t know HTTPS was that safe, so I thought I’d still need a VPN to prevent MitM attacks.

a MTM attack is so easy to pull off

How is it easy to pull off, unless you can get the user to install a certificate, or get them to use HTTP instead of HTTPS?

I’m using a pass manager, and use randomly generated passwords. I use a VPN also when I don’t want my ISP to see the sites I visit.

How do you secure password managers? Do they allow you to store passwords both mobile and desktop, and to connect seamlessly the way Google logins are?
Reason I ask is because with Google or Apple (mobile), I can easily login to what I need, but I don’t get the benefit (at least on desktop) for password managing and password regeneration.

It uses TLS, of course it’s safe. It’s like establishing a VPN tunnel between you and the site; anyone in between (i.e. your ISP) only sees up to the top level domain of the address, everything else is encrypted.
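
An added illustration, not part of any post in this thread, of what someone between you and the site can read: this Python example inspects the first payload of a connection, the way you could when checking a capture of your own device's app traffic. The hostnames, sample payloads and function names are constructed for the example.

```python
import struct

def build_client_hello(host: str) -> bytes:
    """Constructed sample: minimal TLS ClientHello carrying only an SNI extension."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list_len, host_name, len
    ext = struct.pack("!HH", 0, len(sni)) + sni                    # extension 0 = server_name
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)  # version, random, sid, suites, compression
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sni_from_client_hello(data: bytes):
    """Return the cleartext hostname in a ClientHello, or None if this is not one."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:    # handshake record, ClientHello message
            return None
        body = data[5:]
        pos = 4 + 2 + 32                          # handshake header, version, random
        pos += 1 + body[pos]                      # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher suites
        pos += 1 + body[pos] + 2                  # compression methods, extensions length
        while pos + 4 <= len(body):
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            if etype == 0:                        # server_name extension
                nlen = struct.unpack("!H", body[pos + 7:pos + 9])[0]
                return body[pos + 9:pos + 9 + nlen].decode("ascii", "replace")
            pos += 4 + elen
    except (IndexError, struct.error):
        pass                                      # truncated or malformed input
    return None

def observer_view(payload: bytes) -> dict:
    """What someone on the same network can read from a connection's first payload."""
    host = sni_from_client_hello(payload)
    if host is not None:                          # TLS: hostname visible, later data encrypted
        return {"protocol": "tls", "hostname": host, "payload_readable": False}
    lines = payload.partition(b"\r\n\r\n")[0].split(b"\r\n")
    if lines[0].endswith(b"HTTP/1.1"):            # plaintext HTTP: headers and body visible
        hosts = [l[5:].strip().decode() for l in lines[1:] if l.lower().startswith(b"host:")]
        return {"protocol": "http-plaintext", "hostname": hosts[0] if hosts else None,
                "payload_readable": True}
    return {"protocol": "unknown", "hostname": None, "payload_readable": None}

TLS_APP = build_client_hello("vault.example.test")            # constructed sample
PLAINTEXT_APP = b"POST /login HTTP/1.1\r\nHost: login.example.test\r\n\r\nuser=alice&password=SAMPLE"
```

For the TLS sample the only thing recovered is the hostname; for the plaintext sample the whole request, login form included, is readable.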

Passwords are protected by complexity and hashing. Use a password manager like Bitwarden.

I don’t necessarily mean poorly written for their intended use, but for their security/encryption/transmission. I can almost guarantee you would be surprised at the number of mainstream apps that leak data like a sieve. I am not familiar with Tutanota, but Bitwarden is considered safe. They are a scrutinized security app, so just need to keep an eye on reports/disclosures about where they’ve been found to be vulnerable and act accordingly. Have a good master passphrase, change it (and the saved ones) every so often, then at least password reuse should be a non-issue.

A trusted VPN is great protection against MitM, but this may or may not be the threat to look out for on a shared network. Risk analysis and identification is one of the hardest parts of staying secure yet functional. I hope it’s fun to learn for more people, there are certainly more resources to do so now.

Yeah, I just leave VPN on when using any network not controlled by me, as an additional layer of security regardless of how each individual service I use is secured.

You mainly need a VPN if your network is censored, or if you don’t want your provider to be able to analyse your traffic (know what websites you use, but don’t know what you do on them).