![\"Michael](\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/06\/free-wifi-steal.jpg\")
<\/a>Michael Meister<\/p><\/div>\n
So how to feed your addiction while also safeguarding your passwords and privacy? If you\u2019re not going to abstain (and who is these days?), here are four rules for staying connected and (reasonably) safe while traveling.<\/p>\n
1. MAKE SURE THAT ANY SITE YOU VISIT HAS \u2018HTTPS\u2019 IN FRONT OF THE URL<\/strong><\/p>\n Those five letters indicate that the page is encrypted, which prevents others from seeing what you\u2019re doing. If you\u2019re browsing the web in a Starbucks or any place with an open network and you do not see \u201chttps,\u201d it\u2019s possible that someone there with nefarious intentions can see the site you\u2019re visiting and the exact pages you request on that site.<\/p>\n \u201cThey can see that you\u2019re connecting to Amazon and that you\u2019re looking for remedial algebra books,\u201d said Nadia Heninger, an assistant professor of computer and information science at the University of Pennsylvania. Indeed, the only part of an e-commerce site that may be encrypted is the page where you access your account information or enter your credit card number.<\/p>\n Sites like Gmail.com<\/a> and Yahoo.com<\/a> use \u201chttps\u201d by default, but type your password into a web-based email site that does not use it and a third party could see (and steal) that password. This sort of eavesdropping is easier than you might think. There are a number of tools that allow anyone who downloads them to see all the data that flies back and forth between a browser and a web server, said Jason Hong, an associate professor at the Human Computer Interaction Institute at Carnegie Mellon University.<\/p>\n Moreover, anyone can set up a Wi-Fi network for criminal purposes and give it a legitimate-sounding name. Say, for example, you\u2019re in the Paris M\u00e9tro and you join a free network that looks like an official city initiative. \u201cYou have no idea what Wi-Fi network that is,\u201d Professor Heninger said. \u201cIt could be set up by a hacker.\u201d And if he or she has malicious intentions, when you go to a popular site like Facebook you may actually be logging into a fake page that allows the hacker to steal your password. \u201cIt is surprisingly common,\u201d Professor Heninger said.<\/p>\n But surely, using Wi-Fi at a hotel is safe, right? \u201cThat\u2019s only marginally better,\u201d Professor Hong said. On the bright side, he said it\u2019s unlikely that a criminal would bother monitoring the hotel\u2019s traffic for a few passwords because the cost-benefit is simply not there. That person would get a bigger payoff from phishing emails, Professor Hong said, in which the sender masquerades as a known source like your bank or credit card company to get sensitive information like your banking passwords.<\/p>\n Even so, protect your computer by ensuring that your web browsers are up-to-date. Turn on your firewall and turn off file sharing.<\/p>\n 2. USE A VIRTUAL PRIVATE NETWORK, OR VPN<\/strong><\/p>\n If you work for a corporation, chances are you either already have one or have a technology department that can give you one. Using a VPN essentially encrypts all your online traffic, ensuring that no one can eavesdrop. It also routes that activity through whoever owns the VPN (your employer). So if, for example, I\u2019m in a hotel in Japan using my VPN, all of my traffic gets sent to The New York Times\u2019s servers and is then redirected again so it appears as if it is coming from The Times rather than from a hotel room in Japan. To access the VPN, users are typically given a name and a password and often also a constantly changing set of numbers on a fob that must be entered to access the network.<\/p>\n Don\u2019t have a VPN? There\u2019s Tor, software that prevents third parties from seeing your location or the sites you visit. \u201cIt\u2019s totally free and fairly easy to use,\u201d said Professor Heninger, who uses Tor. The software can be downloaded at Torproject.org<\/a>.<\/p>\n 3. SIGN UP FOR TWO-STEP VERIFICATION<\/strong><\/p>\n More and more sites \u2014 Facebook, Twitter, Yahoo, WordPress \u2014 allow users to set up their accounts so that signing in requires two ways of proving who they are. The most common method requires a password you create plus a code that is sent to you \u2014 via text message or through a special app \u2014 each time you wish to sign in.<\/p>\n For instance, let\u2019s say you logged onto a fake Facebook page and hackers captured your user name and password. If that happened without two-step verification (known on Facebook as \u201clogin approvals\u201d), the hackers could access your account when you log off. If, however, you had enabled login approvals, even though your user name and password were captured, the hackers would not be able to log into your account because they wouldn\u2019t receive the requisite code.\u00a0Now, if you\u2019re someone who uses the same password for everything, this is where you still run into trouble. Here\u2019s why: If your user name and password for Facebook are the same as those for another website that does not have two-step verification, hackers might figure that out and break into your other accounts. Yes, I know, you can\u2019t keep all your passwords straight. That\u2019s why there are password managers like 1Password<\/a> and LastPass<\/a>, which can create and store long, unique passwords.<\/p>\n 4. BRING ONLY WHAT YOU NEED AND TURN OFF WHAT YOU\u2019RE NOT USING<\/strong><\/p>\n The latter goes for Wi-Fi and for Bluetooth. \u201cIt\u2019s just another way to be compromised,\u201d Professor Heninger said.<\/p>\n And don\u2019t give away your email address or download an app in exchange for free Wi-Fi.<\/p>\n \u201cThink about the recipient of that information,\u201d she said. \u201cYou have no idea who set up that Wi-Fi network,\u201d she continued, adding \u201cYou might have just downloaded an app that will download all your contacts.\u201d<\/p>\n When it comes to travel booking and organization apps, one security concern is how much of your personal information the app is sharing, and with whom. Professor Hong said that, in general, apps that charge a fee are better because they have a revenue model. Those that do not are more likely to sell your information.\u00a0He added that whether they are free or not, apps are also a potential security risk because they do not always encrypt your data when communicating to Web servers.<\/p>\n If you\u2019re seriously concerned about security, Professor Heninger suggests creating a special travel email address and password.\u00a0And she recommends buying a \u201ctravel laptop\u201d that you load with only the information you need.<\/p>\n Indeed, Professor Hong said he would worry more about the theft of your computer than your various passwords. He cited an incident in 2000 in which the laptop of the Qualcomm chief executive at the time, Irwin Jacobs, disappeared at a conference in Irvine, Calif.\u00a0\u201cHe turned his back and the laptop was gone,\u201d Professor Hong said.<\/p>\n Average travelers, he continued, should be just as mindful, if not more, of having their smartphone plucked from their hand by a thief on the street.<\/p>\n \u201cAttackers usually go for the easiest thing,\u201d he said. \u201cDon\u2019t ever underestimate the power of snatch and grab.\u201d<\/p>\n