Internet Security for Travelers

The joys of widespread Wi-Fi availability come with the responsibility to take some protective precautions.
Take extra care if using a public terminal — if you must log in to any account, use an incognito window, and be absolutely sure you've logged out.
By Rick Steves

Identity theft and account hacking are a worry for many travelers, but they needn’t be — just taking the simplest of precautions can drastically reduce your risk.

Whether you’re accessing the Internet with your own wireless device or at a public terminal, using a shared network or computer comes with the potential for increased security risks. In general, accessing Wi-Fi on your own device is safer than logging on to a public computer — but any logging in you do online can open you up to cyber attacks. (And this applies just as much to using your device in your home-town coffee shop as it does to having it along in Europe.)

While you shouldn’t be freaked out about your computer use on the road, travelers who are too careless with their digital safety open themselves up to significant hassle and expense. Aim for a middle ground of cautiousness, and protect your personal information by heeding the following tips.

Safety Tips for Traveling with Your Own Device

If you’re traveling with your own smartphone, tablet, or laptop, start by configuring it for maximum security. First, check that you’re running the latest version of your device’s operating system and security software.

Next, consider tightening your security settings. At the very least, make sure your device is password (or passcode) protected. If it’s already protected, consider shrinking the interval between its last use and when the screen locks — while it’s annoying to have to keep entering your code, that’s not nearly as annoying as identity theft (and you can relax your security settings once you’re home). To be extra careful with your mobile device, consider setting passwords on apps that access key info (such as email or Facebook).

Many computers have a file-sharing option. Though it’s likely off by default, it’s a good idea to check that this option is not activated so that people on the same Wi-Fi network can’t access your files (if you’re not sure how, do a search for your operating system’s name and “turn off file sharing”). Newer versions of Windows have a “Public network” setting (choose this when you first join the network) that automatically configures your computer so that it’s less susceptible to invasion.

Once on the road, use only legitimate hotspots. Ask the hotel or café for the specific name of their network, and make sure you log on to that exact one. In an effort to gain access to your computer, hackers sometimes create bogus hotspots with a similar or vague name (such as “Hotel Europa Free Wi-Fi”) that shows up alongside a bunch of authentic networks. It’s better if a network uses a password (especially a hard-to-guess one) rather than being open to the world. If you’re not actively using a hotspot, turn off Wi-Fi so that your computer is not visible to others.

Safety Tips for Using Public Internet Terminals

Public computers are great for any task that doesn’t require you to log in — just checking train schedules, maps, or museum hours doesn’t pose a security risk. The danger lies in accessing any sites that require you to enter a login (such as email, Facebook, or any ecommerce sites).

If you’re traveling with your own device, try to make that your sole means of accessing your accounts. But if you’ll be relying on hotel-lobby computers, or Internet café terminals, always keep in mind that you have no idea who used that computer last — or who will hop on next. Public computers may be loaded with damaging malware, such as key-logger programs that keep track of what you’re typing — including passwords.

Make sure that the computer’s Internet browser doesn’t store your login information. If you have the option of opening an “incognito” or “private” window, use it. Whenever you sign in to any site, look for opportunities to ensure that the browser forgets your user name and password after you log out: If given the option, click the box for “public or shared computer” or unclick any box that says “stay signed in” or “remember me.” It’s also a good idea to clear out the Internet browser’s cache, history, and cookies after you’re done using a public computer, so that fewer artifacts of your surfing session remain — especially if you’ve accessed sensitive information (under the browser’s “Options” or “Preferences” settings, look for a “Privacy” or “Security” category).

Finally, consider setting up two-step verification for your most important accounts, which requires you to enter not just a password but a second code whenever you log in on an unfamiliar computer (available with many Web-based email and social-networking sites).

Accessing Personal Information Online

While you’re away, you may be tempted to check your online banking or credit-card statements, or to take care of other personal-finance chores. Internet security experts advise against accessing these sites entirely while traveling. Even if you’re using your own computer at a password-protected hotspot, any hacker who’s logged on to the same network may be able to see what you’re up to. If you need to log on to a banking website, try to do so on a hard-wired connection (i.e., using an Ethernet cable in your hotel room); failing that, a cell-phone-based Internet signal (that is, through your smartphone’s data plan) is still safer than any Wi-Fi connection. Ultimately, the chances are remote that your hotspot will happen to be under scrutiny by a hacker — but it’s possible.

Even if you avoid online banking during your trip, you may still need to make a few purchases online (for instance, if booking theater or museum tickets). If so, make sure that the site is secure. Most browsers display a little padlock icon to indicate that the site’s secure; also check that the page’s URL begins with httpsinstead of http. Never send a credit-card number (or any other sensitive information) over a website that doesn’t begin with https.

For other accounts, such as email, consider upping your security settings while you’re on your trip (for example, see Facebook’s “extra security features” page).

Savvy password habits are also critical. Above all, don’t use individual dictionary words, don’t reuse passwords (or even similar passwords) across different sites (a password-manager program really helps), and think in terms of using a “passphrase” — the longer your password, the better. Take a few minutes to read up online for up-to-date password advice (such as this article, and this list of the top 25 worst passwords).

It’s also important to be careful if emailing personal information. Don’t send your credit-card number in one email message. It’s better to call or fax. Some people send their credit-card number in two halves, via two separate email messages. For extra security, a few banks, such as Citi and Bank of America, allow their customers to create virtual account numbers, which are one-time or short-term numbers linked to their regular credit card.