Safe? Sure. Safer? Probably not much.
Online banking these days is relatively safe to begin with. HTTPS connections, for example, mean your conversation with the bank is encrypted between your computer and the bank’s servers, regardless of whether or not you use a VPN.
There are a couple of things that a VPN kinda/sorta makes slightly safer.
Let’s examine the differences.
VPN Banking
Online banking is already secure with HTTPS connections, even without a VPN. A VPN can hide which bank you’re using, but it doesn’t make your banking safer in most ways. In my opinion, the bigger risk is losing your laptop, so focus on strong logins and two-factor authentication instead.
No VPN
Without a VPN, connecting to your bank’s website happens over an HTTPS connection. This means that data is encrypted before it leaves your machine and can only be decrypted when it arrives at the bank’s server, and vice versa. No one in between can make sense of the encrypted data.
This provides nearly bulletproof security regardless of whether you are at home or on the road. No one can intercept your data, not the ISP you’re using, the open hotspot you’re connected to, or anyone else.
That doesn’t mean it’s completely risk-free, however.
Help keep it going by becoming a Patron.
Related
What VPN Should I Use?
VPNs protect from certain types of surveillance and more. I'll discuss what they're good for and what to consider when selecting one.#27629
The risk(s) of no VPN
Without a VPN, due to HTTPS, no one can see what data you’re exchanging. However, a hacker can see that you are connected to your bank. In fact, they can see which bank you use. That tells them you may have your credentials for logging into your bank available.
This could make you a slightly bigger target for other forms of malicious behavior. It seems unlikely but possible that knowing you’re connecting to a specific financial institution could be enough of an incentive to try to steal your laptop, for example, and see if your accounts could be broken into once they have physical access to your computer.
It’s not something I worry about.
Another form of vulnerability is called a “man in the middle” attack. When you connect to your bank, information is securely exchanged as part of setting up that encrypted connection. In rare cases, it’s possible that a malicious actor could insert themselves in such a way as to appear to be your bank, right down to the HTTPS verification. This is extremely rare and difficult, and almost always involves some kind of notification that certificates are being installed on your machine. Accepting these types of unrecognized certificates can lead to HTTPS compromise (so, as always, pay attention to notifications).
This is something I worry about even less, mostly because it’s extremely rare, plus there’s a notification that something’s happening, which I’d never allow while on the road. The more common scenario is when schools or corporate networks intentionally use the same technique to monitor their users’ online activities.
With a VPN
Using a VPN, your connection to your bank still happens over HTTPS and is end-to-end encrypted between you and your bank. The VPN adds a layer of encryption and data obfuscation between your machine and the VPN’s internet server.
A VPN hides what you’re doing. If someone can see data to and from your machine, the only thing they can see is that you’re using a VPN (and which one you’re using). They cannot see that you’re doing any online banking, or which bank you use, at all.
The VPN service, of course, knows which bank you’re connecting to, but still can’t see the data being exchanged.
The only real risk a VPN introduces is that it could perform a man-in-the-middle attack on the HTTPS connection — but again, there would be notifications that something was going on.
What I do
I bank online all the time. It’s convenient, and most importantly, it’s safe.
If I’m at my local coffee shop or airport, I’ll fire up my trusted VPN before I do anything (banking or otherwise), but I also don’t panic if I forget to. HTTPS has me covered.
What I definitely do, though, is when a site asks if I want it to remember my sign in (usually a little checkbox below the username and password fields) I’ll always explicitly say “no” (by leaving that unchecked).
The bigger risk of banking on the road
Clearly, I don’t consider packet sniffing and data interception nearly the problem it once was, but that doesn’t mean that there aren’t risks.
Ways that I reduce those risks include:
- My password manager auto-locks more quickly on my laptop.
- I never tell my bank or other sensitive sites to remember me; I want to log in from scratch every time.
- For accounts with two-factor authentication (which is as many as I can enable), I never have it “register” the device; I want it to ask for two-factor every time.
The biggest risk, in my opinion, is losing my laptop. These are all measures that secure my accounts in such a way that even if someone does steal my computer and bothers to try to break in1, they’ll be blocked from accessing my accounts.
Do this
Use a good VPN if you feel so inclined. Make sure it’s one you trust, of course, which typically means avoiding free offers. However, as long as your bank’s connection is via HTTPS2, attempts at direct access are generally nothing to be concerned about. Spend that energy on protecting yourself from more likely threats, such as loss or theft.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Is PIA really using RAM to run OS and clears IP?
I have no idea what you’re asking or how it relates to the article above.
You can do banking on a public network securely without a VPN, but I feel uncomfortable using a public network without a VPN. Most websites use SSL/TLS end-to-end encryption, but it’s like adding a second lock. I have a super strong lock on my front door. It’s built like a safe door. I still always lock the front entrance door. Maybe unnecessary, but worth the precaution.
So which Password Manager do you use that “auto locks”? Thanks!