Internet Security for Travelers
By Rick Steves
While you needn't be freaked out about your data security on the road, travelers who are too careless with their digital information open themselves up to significant hassle and expense. Aim for a middle ground of cautiousness, and protect your devices and personal information by heeding the following low-hassle tips.
If you're not using a password manager already, an overseas trip is as good a reason as any to start. (Apple users automatically have iCloud Keychain at their disposal; anyone who regularly uses any non-Apple devices is likely to find 1Password — widely recommended by security experts — worth a subscription.) Don't reuse passwords (a password manager makes it easy to have unique passwords for each site and app). And if you haven't already, enable two-factor authentication and facial recognition on any apps and sites that offer them.
Using Smart Devices...Smartly
Gadget theft is an issue for any traveler. Not only should you take precautions to protect your devices from thieves, but you should also configure them so that your personal and financial data stays private.
First, check that your devices are running the latest versions of its operating system, security software, and apps. Next, consider tightening your security settings. At the very least, make sure your devices are passcode- or password-protected so thieves can't easily access your information.
If it's already protected, consider decreasing the time it takes for the screen to lock when not in use — while it's annoying to have to keep entering your code, that's not nearly as annoying as identity theft. (You can relax your security settings once you're back home.) If you're traveling with an iPhone or iPad, enable its "stolen device protection" feature (available with iOS 17.3 and up).
Set up any app that you use for shopping to require facial recognition or a password each time you open it. (This is doubly important for banking apps — but most are already set up to require a login every time they're opened.) Don't store passwords, PINs, account numbers, or other sensitive information in your Notes/Keep app, or any app that doesn't require its own login. And when entering any key passwords in public, be cognizant of possible prying eyes behind you.
Before you leave home, make sure your devices' "Find My" option is turned on — this can be a lifesaver in case of loss, which is much more likely when you're out of your normal surroundings. If your device is lost or stolen while it's unlocked, as soon as possible change the passwords to any key apps that can be accessed without an additional layer of security (such as your email and any app you use for purchases).
While it used to be important to connect only to password-protected Wi-Fi signals, the widespread use of data encryption has lowered the risk of using an open network to near zero. If connecting to one will help you get out of a jam when you're out and about, don't sweat it.
And though you may have heard warnings about charging your device in a public USB port, "juice jacking" is a non-issue with newer devices. Technically, it's possible that an older device running old software could be accessed via malware loaded into a charging station, but the US Federal Communications Commission notes that it's never received a single confirmed report of this actually taking place.
Using Public Computers Safely
It's perfectly safe to check train schedules, maps, or museum hours on a public computer. The danger lies in accessing personal accounts that require a login and password.
If you do need to access personal accounts on a public computer, make sure that the browser you use doesn't store your login information. If you have the option of opening an "incognito" or "private" browser window, use it. When you sign into any site, look for ways to ensure that the browser forgets your username and password after you log out: For instance, select the box for "public or shared computer" or uncheck any box that says "stay signed in" or "remember me." It's also a good idea to clear the browser's history after you're done, so fewer artifacts of your session remain — especially if you've accessed sensitive information (under the browser's settings, look for a "Privacy" or "Security" category).
Transmitting Financial Information Online
Financial institutions have invested heavily in security to ensure that your personal information remains secure during mobile banking — but it still pays to be careful.
While traveling, if you want to check your checking account or credit-card balances, or take care of other personal-finance chores, use a banking app rather than signing into your bank's website via a browser (the app is less likely to get hacked).
Refrain from logging into personal finance sites on a public computer. Just like at home, don't click on links in unsolicited emails from your bank or respond to texts allegedly sent by your credit-card company.
If you need to enter your credit-card information online, such as for booking museum or theater tickets, make sure the site is secure. Most browsers display a little padlock icon to indicate this; also check that the page's URL begins with "https" instead of "http." Never send a credit-card number (or any other sensitive information) over a website that doesn't begin with "https."
Chances are, sending your credit-card number via email won't result in fraud. Still, it's smart to avoid that risk — if you can't book a room by entering your card details through a secure website, it's better to call — or even text — with your card number than email it. (And if you must email your number, permanently delete that email from your account once you know it's been received.)
Incredibly, I still see travel outfitters selling wallets and purses promising to block "RFID skimming" (in which apocryphal thieves lurking nearby use equipment to read data emitted by the radio-frequency identification chips that make contactless payment possible). This has never been a significant problem, primarily because this is a high-effort, low-payoff scheme — why would a scammer even bother getting the data-reading apparatus, which can't read any signal that's more than an inch or two away, when any thief can easily pluck a wallet from one of the many travelers who haven't taken my advice to use a money belt? This is especially hard to imagine now that most data transmitted via contactless payment is encrypted. Cross this off your list of worries.