Three Tools Every Traveler Should Use to Protect Personal Information and Data

Published by Brian Belley on

When you’re on the road for work or visiting somewhere on vacation, the last thing that you want to be stressing over is your data security. Public WiFi hotspots and other unsecured connections are easy targets that hackers can use to sniff and steal your private emails, personal information, and credit card and bank credentials.

The three essential tools that we use on a daily basis to keep our personal data secure while traveling are:

  1. VPN: Never connecting to a WiFi hotspot in public, or in our hotels and Airbnbs, without using a Virtual Private Network (VPN) to encrypt our data.
    1. Use this link to get 30 days free of ExpressVPN, our VPN of choice.
  2. 2FA: Enabling Two-Factor Authentication (2FA) on important accounts and apps.
  3. Password manager: Using a password manager, LastPass, to maintain complex and unique passwords for each of our accounts.

What are the Actual Risks of Identity and Data Theft While on the Road?

Norton by Symantec published their WiFi Risk Report study in May 2017, where they assessed the real risks of public WiFi by surveying over 15,000 people around the globe. Some of their key findings were:

  • 60 percent of respondents felt their personal information was safe when using public Wi-Fi, yet 53 percent couldn’t tell the difference between a secure or unsecure public W-Fi network.
  • 75 percent of consumers didn’t use a Virtual Private Network (VPN) to secure their WiFi connections, even though it’s one of the best ways to protect your information.
    • What’s even more troubling is 29% of survey respondents had never heard of VPN before taking the survey or know what it was!
  • 87 percent of consumers have potentially put their information at risk while using public WiFi.

It’s clear from the survey that most people who use public WiFi are unaware of the actual risks to their private data while using these connections. There’s a good reason why many companies today require employees to use some type of VPN when connecting remotely.

Have you ever read an email while on unsecured public WiFi? Maybe posted a picture to social media? Or even purchased something from Amazon? Each of these actions – and anything that you do while connected to public WiFi – can put the data that you transmit and receive at risk of being stolen by hackers.

How likely is it that your data would be stolen if connected to a public WiFi hotspot? In a 2015 study by Norton, 21% of Americans had their email hacked and 12% had their financial data stolen after shopping online. In terms of trends, global online shopping has grown more than three-fold from 2015 to 2018, so this paints an even larger target for hackers.

Are you concerned yet about your data privacy? You should be. Now, let’s discuss some measures you can take to fight back against the hackers and step up your game for security while traveling.

Defense 1 – Using a VPN While Traveling for Data Encryption

While 29% of the 2017 survey respondents didn’t know what a VPN even was, we will ensure that everyone walks away from this article today able to put a VPN to good use. If you work at a company that allows remote connections to their work servers, it is likely that you are already familiar with VPN. While there are different ways of connecting, it usually just involves a few clicks of a button to establish an encrypted VPN connection from your computer.

What is a VPN?

To simplify the concept, you can think of a VPN as an encrypted tunnel through the open internet, with an opening at one end – your PC/tablet/phone, called the “VPN Client” – and the second opening at the destination – say your work or VPN service, called the “VPN Server”. Your information is encrypted at your end, and remains encrypted until it reaches the destination at the other side, allowing it to pass safely through the internet without being spied on. Thus, even if hackers and others intercept that data along the way, the encryption provides the added security to keep your data safe from prying eyes.

How do a I obtain and use a VPN for personal use?

There are many options for personal VPNs. If you are not frequently connecting to public WiFi and don’t need much data, you may get by using a free VPN service. The free VPNs are usually limited in some way, either by speed and/or limited by a total data usage cap per month; for example, you get up to 500MB of bandwidth a month for free, and then would need to upgrade for additional bandwidth.

If you’re using more than 500MB a month, have multiple devices, or need the fastest connection possible, then looking into paid VPN options is probably the right choice. For those that are more tech-savvy and have a router that allows VPN, you can also read online about how to set up your own VPN server and won’t have to pay a monthly fee.

Connecting using ExpressVPN is as easy as one click of a button.

For a paid VPN option, we settled on ExpressVPN due to the excellent reviews, super-fast servers, multiple device support, and all-around performance. It was $99 billed annually, so at that price for three devices, we figured it was well worth the investment to protect our data and accounts while abroad.

If you decide ExpressVPN is the right choice for you, sign up for ExpressVPN today using our referral link and we’ll both get 30 days free!

Setup is also extremely easy and takes less than five minutes. For ExpressVPN, after creating an account you simply install the software, and then click to turn it on whenever you connect to WiFi and need security!


VPN Key Takeaways:

  • A VPN encrypts your data whenever you are connected to WiFi to ensure hackers cannot steal your personal information.
  • A VPN is relatively affordable – especially considering all the protection it gives you – and easy to set up.
  • Sign up for ExpressVPN using the above referral link and get 30 days free.

Defense 2 – Using Two-Factor Authentication on Accounts and Apps

While using a VPN will encrypt your data and is one of the best defensive measures you can take to ensure privacy while on a public WiFi connection, remember that nothing is 100% invincible from hackers.

Thus, a good idea for adding another layer of security above your VPN is to use Two-Factor Authentication (2FA). Two-Factor Authentication requires you to verify via some secondary method, whether it’s an email, an SMS text message, or a Google Authenticator code, that it is truly you trying to log in to your account.

Let’s assume you decide to connect to your bank account while on a coffee shop’s public hotspot, but low-and-behold, you accidentally forgot to use your VPN! Harold the Hacker has quickly obtained your login credentials and moves immediately to log in to your bank account and transfer all the funds out of your account. However, after entering the username and password, a second 2FA screen pops up, asking for the “SMS code” that was just sent.

You’re saved! Thanks for 2FA, despite the initial breach in your data, the new text message sent to your phone will keep your account safe, until you can update your credentials to prevent future attacks.

Two-factor authentication is an option that is available on most websites and most apps today. Especially for anything that is important or associated with my finances, I enable 2FA to ensure I have an added layer of security.

Accounts to consider enabling 2FA on include:

  • Email
  • Financial and Bank Accounts
  • Password managers (like LastPass)
  • Brokerage and stock/bond trading accounts
  • Any other important accounts – I enable it whenever it is an option

Depending on the site, they may also allow enabling additional layers of 2FA. For example, you get one 2FA code when logging in to your brokerage account, and receive a second, unique 2FA code before withdrawing funds or making a trade.

Using Google Authenticator as a Type of Two-Factor Authentication

As great as receiving a confirmation email of SMS text message may be, there are still obvious vulnerabilities. Although unlikely and more difficult, a determined hacker may still be able to intercept that 2FA message and gain access to your account.

That’s where Google Authenticator enters. Google Authenticator is an app installed on your Android or iPhone that allows you to save as many 2FA sites as you choose to enable, and provides you with a unique 2FA code that changes every 60 seconds. The good news is it allows you to do 2FA even without mobile service or internet access, whereas an SMS or email requires that you are connected. Also, because no message is sent using Google Authenticator, it removes the vulnerability of having that SMS text message or email intercepted.

Google Authenticator isn’t available on all my accounts, but when it is, I strive to use that method of 2FA over SMS or email.

Two-Factor Authentication Key Takeaways:

  • Provides an added layer of security for all your accounts
  • Is easy to setup and available on most websites and apps
  • Google Authenticator is an excellent 2FA option, especially if you won’t always have cell or internet service

Defense 3 – Using a Password Manager, Like LastPass

As the final line of defense for our trifecta of protection while traveling, we use a password manager, LastPass. LastPass is completely free (we only use the free version), but premium options are available for those that need advanced sharing and other capabilities. If you do sign up using this LastPass link, you will get 1 month free trial of LastPass Premium.

Is It Safe to Store All My Account Usernames and Passwords with LastPass?

The biggest question that I had when first considering LastPass was whether it was actually safe to store all my passwords in a single location. It felt counter-intuitive to adding security to my accounts by having them all in one place; what if LastPass was hacked, couldn’t I lose everything?

When dealing with anything having to do with online security, there are typically two things to keep in mind.

  1. Nothing can ever be 100% safe from all possible attacks.
  2. Typically, for well-designed security services like LastPass, the weakest link is not the encryption or the service itself, but your own strength in protecting your username and master password.

If I go around writing my master password down on paper, copying and pasting it into forms and searches online, saving it in a “password” file on my desktop (please, do NOT do this!), and re-using it across multiple websites, then no, obviously LastPass is not going to be able to protect all my other passwords.

However, if you treat your master password as a true secret, update it often, and practice good protocol when using it (i.e. not entering it on public machines, when connected to public WiFi, ensuring I’m not going to imposter sites and entering my credentials, etc.), then yes, LastPass and other password managers can truly add another layer of security to help protect your accounts and data.

LastPass does not even have access to your data, since your master password is needed to get around the AES 256-bit encryption; thus, even if LastPass servers are hacked, as long as you keep your master password secure, it would still take many billions times the current age of the universe to use a brute force attack and obtain your passwords.

Tips to Keep Your LastPass Account Secure

As discussed in the previous section, ensure that you enable two-factor authentication for your LastPass account and set up a recovery phone number.

Always make sure you are logging in to the secure https://lastpass.com website as the URL, and never click on links in emails or on other websites that could be targeted by people trying to obtain your master password by posing to be the LastPass website.

Also, maintain good password etiquette, meaning never re-using a password, always having passwords generated by a random-number generator, and including as many combinations of letters, capitals, numbers, and symbols as the website or application allows. Note: all of these options – for example, I want a 20-character password, no special characters, but capitals and numbers – are all implemented in LastPass for quickly generating random but compliant passwords for each of your accounts.

This All Sounds Like Extra Work, so What Are the Benefits of a Password Manager?

The primary benefits in using a password manager like LastPass include:

  • Maintaining unlimited unique and complex passwords for every online account, so that if your credentials are compromised in one place, your other accounts remain secure.
  • Allowing stronger, more complex passwords by removing the burden of you having to remember or safely store such passwords. Randomly generated, complex passwords are more secure than easy-to-remember or pronounceable passwords.
  • Ability to quickly and easily update your passwords, so that you can change them all periodically, or when you fear that some credentials may have been compromised.

Let’s run through a hypothetical scenario. Let’s assume that you have a go-to password that you use across all your bank accounts, “kittycat123!”, and you decided to use this password on the new startup website that you just signed up for. Unfortunately, that startup gets hacked in their early days, and your username and password are now exposed.

Unbeknownst to you (since the startup doesn’t even know yet that they were hacked), the hackers sell your information and it is used to try and log in to various financial websites at random. Unfortunately, they quickly find out which sites your credentials work on, and are able to access your funds and transfer money out before you can react.

The first major benefit of LastPass is that it allows you to have an extremely complex, unique password for each of your online accounts, without putting the burden on you to remember all those passwords or maintain them on a slip of paper. Thus, in the unfortunate, but not unrealistic, scenario that one of your current accounts is hacked, you can rest at ease knowing that your other accounts still have strong passwords that are different.

Second, imagine if your password had been 4GMGuzYCj2bJHbL*z!q1, instead of “kittycat123!”. Having any password that uses logical sequences of letters/numbers, common patterns, and/or phonetic phrases makes them more susceptible to being guessed or more easily cracked. The safest passwords are completely random, making them almost impossible to remember, so that is where LastPass comes in.

Finally, the amount of time that your passwords have been unchanged adds to the risk that someone could have been slowly chipping away at trying to gain access. Thus, it is good practice to update passwords on a periodic basis, and LastPass makes the entire process as easy as a few clicks of the button.

Additional Benefits of LastPass Beyond Just Passwords

In addition to passwords, even on the free version of LastPass, there are several other benefits of storing encrypted data that we take advantage of while traveling. They are:

  • Storing our credit card numbers, expiration dates, and CVV codes so that we don’t have to travel with all our cards, but can use them online if needed.
  • Storing pictures of critical documents, including passports, drivers licenses, and other documents.

Again, the information is only as safe as the level to which you protect your master password; however, it is much safer than just keeping these items on your desktop in a saved file or stored somewhere on the cloud. The encrypted files are then also accessible from any machine in an emergency – when decrypted using your master password – so if someone stole my laptop, I don’t lose all those critical pieces of information.

Password Manager Key Takeaways:

  • A password manager provides additional security by maintaining complex, unique passwords for each of your online accounts.
  • Always enable 2FA on your password manager.
  • Your accounts are only as safe as your master password. Maintain good password etiquette and update your master password regularly.
  • LastPass allows stored encryption of other key files such as credit card information, passport and license photos, and other critical documents.
  • LastPass is completely free and our password manager of choice.

Summary of Keeping Your Data Safe While Traveling

In summary, the primary methods for protecting your personal data while traveling and connecting to WiFi are:

  1. Always use a VPN
  2. Enable 2FA on all your accounts
  3. Maintain complex, unique passwords using a password manager like LastPass

Public WiFi and the threat of cyber crime are not going away any time soon, so be vigilant and ensure you are putting these three tactics to use to keep your data safe on the road. It only takes one time to expose your data to hackers, so always use the above methods any time you are connecting in public, or else wait until you return to home or are able to connect securely.


1 Comment

10 Items You Must Pack for Extended International Travel – Brian and Alyssa – Livin' · June 29, 2018 at 3:03 PM

[…] In addition to these physical items, no traveler should be without certain apps to provide privacy and security while traveling, as described in our post covering the three must-have apps and tools to protect your data while traveling. […]

Comments are closed.