Maximise your Avios, air miles and hotel points

masaccio 1,012 posts

The problem is that the fake wi-fi also has a fake DNS server, so http://www.ba.com is not really sending you to ba.com. Most sites generate a hidden session key when you connect, so you don’t have to log in every time, and when you are connected to that dodgy wi-fi site, the owner will sniff that session key and then use it in what’s called a replay attack

Except BA doesn’t do this until you have logged in over an encrypted connection. So unless they are hijacking all the traffic with a fake certificate and you’ve accepted said fake certificate despite your browser’s warnings, they will be SOOL.

I personally think VPNs are oversold though I do have my own which I use mainly to bypass geo-blocking. I don’t use it for security and can’t anyway on my work phone as we policy out personal VPNs.

Doesn’t Android have its own password safe these days? Keychain in the latest iOS has proved good enough that I will let my 1Password subscription lapse this year.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.