How safe is wifi?

Should I trust my online banking to my wifi setup? I'm using WPA2, AES, and a 63-character random alphanumeric passphrase, which I change weekly. My bank uses https, of course.

Are the packets well-enough-encrypted as they pass from my router to my computer?

Thanks.

Reply to
Warren Oates
Loading thread data ...

as long as the website is secure (https vs. http) you'll be fine. one thing that some folks overlook is the login page. be sure that the login page for your bank, credit card, etc. is also secure (https).

73, rich, n9dko
Reply to
Rich

On Sun, 15 Oct 2006 09:47:34 -0400, Warren Oates wrote in :

Yes.

Reply to
John Navas

Warren Oates hath wroth:

Yes. The packets are secure with WPA2 and a long random password.

I'm never sure about the users. For example, many users save their login and passwords in IE6 or Firefox browsers saved passwords. Those are easily read and recovered. I really enjoy the shock value of reading back the passwords to a customer.

Same with documentation. Many users save their passwords on the back of envelopes, post it notes, or unencrypted files on their hard disk. A simple search for documents with the word "password" inside usually finds these.

Also, beware of family members bearing cameras and camcorders while you're logging into online banking. Your keystrokes can be easily recovered.

There's also a problem with all shared key schemes such as WPA2. Your router may be secure (assuming you set a router configuration password), but the client computers also need the same key. If the other clients are compromised, so is your entire wireless network.

Reply to
Jeff Liebermann

My bank doesn't seem to let Firefox keep the password; I don't remember ever being asked if I wanted to save it. I wouldn't have done so.

Well, I'm not worried about my _banking_ password, which is long enough and complicated enough that no one else will figure it out, and I change it frequently as well. I'm not too worried about physical security, there's only two of us in the house, and I don't keep anything written down in plain sight. The wife is more cautious than I am, if anything.

Never thought of that. Hmm. Cousin Teddy, why are you filming me while I pay my gas bill?

That's interesting, but I reckon that if my banking password is secure, as I mentioned above, no one that I allow access to my network can get at it. Anyway, it's only people I trust that use the wireless connection. I'm not running a "hot spot."

Thanks for the reply.

Reply to
Warren Oates

On Sun, 15 Oct 2006 15:30:12 -0400, Warren Oates wrote in :

That's a function of the browser (Firefox), not your bank.

Reply to
John Navas

Warren Oates hath wroth:

You're correct.

Most banks have more than one login page which vary somewhat as to how they operate. With one smaller bank, the home page login forces the browser to NOT remember passwords, while the simpler login pages do offer to save the password. Most do it by turning off autocomplete which is another file worth cleaning. Most banks never offer to remember the password.

It's also fairly easy to circumvent with a Firefox extension or Javascript: |

formatting link
|
formatting link
wouldn't do it.

When I give myself a tour of users passwords in Firefox, I sometimes do fine bank passwords, but they are few and far between.

There's also a question of how functional are the web pages in the first place. See: |

formatting link
discussion following the article has a few relevant points.

It appears that you have the security thing fairly well under control. However, I would feel much better if my bank offered S-Key OTK (one time key) services for authentication. |

formatting link
|
formatting link
very nature of having a password makes it insecure. If someone has your password, they own your bank account. That could be delivered via a keystroke logger, spyware, or other malware. With the level of complexity found in todays computahs, methinks operating on the assumption that a machine has been compromised is a fair assumption. This makes passwords problematic.

Think cell phone camera. I went to dinner with some local geeks. One of them was covertly recording most of the 2 hour dinner and conversation with a very small PC and CCD camera. These can also be obtained from the spy shops. This isn't the one but something like these would work: |

formatting link
|
formatting link
one of my former neighbors 15 year old son was a "finger hacker". He could watch someone dial a phone number, or type something on the keyboard, and read back what was typed including shifted and control characters. Long ago, I drop one IT department nuts by using their own video security cameras in the server room to record the keystrokes of the admin logging in on the console.

Well, even if your wireless network security were compromised, there's no guarantee that any of the information passed along the wireless network is useful if encrypted by the bank. There's also no guarantee that an evil hacker would automatically gain access to your computer and extract your password from a file. If this is an issue, just use the Windoze personal firewall to keep other users out of your computer.

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.