Security: Buying online while wireless.

Recently there has been a lot of technical buzz from purported security experts related to e-commerce on wireless connections. Their general premise is that a wireless network is not secure, therefore any form of communication on said network is also compromised.

Hogwash and an utter lack of technical expertise abound.

The Facts:

When you connect to an e-commerce web site, such as Amazon, the encryption is performed end point to end point between your web browser and the Amazon web server. Typically this is 1024 bit encryption and does not change whether you are connected via wireless, wired, phone, or satellite. The encryption is initiated by your web browser and replied to by Amazon’s server. When either the Amazon server or your computer do not receive the correct challenge or response during any portion of the transaction, either end will terminate the transaction. The hash of the keys is never broadcast in the data stream. This is a much more complex communication than what occurs between the wireless router and your laptop. Even when you are connected via wireless, this e-commerce transaction is as secure as it will be any other place. This form of secure transaction is so secure that it takes hundreds of very powerful computers and a super computer working in unison, over 90 hours to decipher ONE word of the transaction. There was a time this transaction type was believed to be impervious by some of the same purported security experts from the beginning of the story. NO form of encryption will ever be 100% impervious. There is an algorithm devised by the master mathematician Tesla himself that will break any form of encryption. Time and the computing muscle to carry it out are all that is required. The problem is that the time it takes is often calculated in years. Which is great if you are a consumer and terrible news for the thieves that want to steal your credit card data. Your credit card is more likely to be compromised by the database of the merchant, than via your secure transaction. This can and does happen frequently. It is still a much more secure method of purchasing than when you visit a store in person.

Here are some issues related to wireless connections.

When you connect to a wireless network, the encryption options are 8 bit, 12 bit, 48 bit or in some cases 56 bit AES encryption. In relative perspective, 1024 bit encryption is approximately 18X more powerful. Some wireless networks have the encryption completely disabled. This is a fairly insecure method of communication. It can be subverted by anyone that has the technical expertise in a matter of moments using an average computer. While this is not ideal it does not impact your 1024 bit encrypted transaction in the least. What it can impact, is the security of any files you have stored on your laptop. Any time you use a wireless connection it is never as secure as a wired connection is. The price we pay for convenience.

Ideas to consider when using wireless:

Turn off file shares and file sharing.
Secure your wireless routers as well as they allow for (use WPA2 AES encryption if possible).
If you notice something odd, be wary.
Use a software firewall and updated anti-virus software on each and every computer you use.

NEVER click on a Link in your email for an e-commerce site of any type. EVER. No matter what method you are using to connect.
Always visit a secure website by manually typing in the URL by hand OR buy using a LINK you create with Passwords2GO.
It is very easy for anyone to create a phishing link that looks like the real thing. It may look exactly like the real site when you visit it.
Never leave your laptop unattended.
Be aware that video camera surveillance is everywhere. Having the best password and encryption technology is useless if the keys to the fortress can be seen by untrusted eyes through a camera and yes the camera is powerful enough to zoom in on your laptop while you are in the coffee shop.
Never use passwords like 12345 or 123456. If something is important enough to use a password, use a good long one that is hard to guess.
A good example of a strong password is something like MyS0N1s4teen as opposed to password03.

For those who need an extra level of protection:

Use a flash drive with Passwords2Go software to store all of your data that is of a sensitive nature in encrypted format.
Keep it on your person when you need to, secure it in the vault when you do not.
Use it to create and store separate unique LONG passwords for every web site you log into. Never give anyone, save your beneficiary, your master password for Passwords2GO.

Your email and bank accounts should have their passwords changed frequently and more often than your twitter or facebook accounts.
I change most of my passwords every 30 days. The more critical the data, the more frequent the password change.