Doing your banking at commercial hotspots


Q. I listened with some interest to your comments about doing banking, etc. over an unsecured Wi-Fi connection. You indicated that you would not do this unless you were using a VPN. That's the way I feel, too. A friend of mine is a computer programmer with Intuit. He says if a site is using SSL, anything you type is secure. He indicated they have tried and failed to break it. Could you comment on that?
-- Stephen in Reno, NV, listening on KKOH 780 AM



A. Stephen, your e-mail sparked a lot of conversation in the office. There's nothing we like better than an esoteric computer debate!

We talked with Intuit, but were unable to confirm what you had been told. Nonetheless, the consensus around the office is that your friend is right.

Let's start by identifying the terms you used. VPN is virtual private network. These programs can establish a secure, encrypted connection over the Web. SSL is Secure Sockets Layer. It also is a secure, encrypted Internet connection.

The issue I was addressing on the show was Wi-Fi hotspots. These public Internet connections are not secure. So a thief could easily snag your unencrypted wireless transmissions. You don't want your banking passwords stolen!

Some people use VPN software to establish secure connections to their banks or whatever. But most people don't have that.

Your friend is saying that it doesn't matter. When you go to your banking site, you're asked to sign in with a password. When you do that and click the send button, your user name and password are encrypted by your browser. It uses SSL, which is 128-bit encryption.

Furthermore, any transactions you conduct are also encrypted. SSL encryption has never been broken, as your friend indicated. That will happen some day, as computers grow more powerful. But at this point, SSL is safe.

Any large organization, such as banks and brokerages, should be using SSL. So you should be safe connecting to them at a Wi-Fi hotspot.

E-mail is iffier. Some e-mail connections may be secure; others probably are not. For instance, when you sign into Hotmail, that connection is encrypted. But when you look at the e-mail, it is not. Someone could intercept the e-mail. That's true of e-mail on Yahoo! and Google, too.

So, are you safe doing your banking and stock trading in a hotspot? It appears that you are. Personally, though, I'm going to do mine at home. I don't like hanging my personal laundry in public places. I don't care how well-encrypted it is!