iPad for Financial Transactions on the Internet

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Post Reply
Topic Author
GS
Posts: 67
Joined: Tue Sep 16, 2008 8:32 pm

iPad for Financial Transactions on the Internet

Post by GS »

Would the Apple iPad be considered secure enough to use for financial transactions on the internet? It would used only for financial websites for security purposes and not for anything else.
Silk McCue
Posts: 4806
Joined: Thu Feb 25, 2016 7:11 pm

Re: iPad for Financial Transactions on the Internet

Post by Silk McCue »

Generally yes. The primary issue is what your internet connection is going to be.

What are you planning to use for your connection.

Cheers
petulant
Posts: 1901
Joined: Thu Sep 22, 2016 1:09 pm

Re: iPad for Financial Transactions on the Internet

Post by petulant »

Generally it should be more secure since the probability of malware breaking security and watching your actions is lower.
Topic Author
GS
Posts: 67
Joined: Tue Sep 16, 2008 8:32 pm

Re: iPad for Financial Transactions on the Internet

Post by GS »

Internet connection is cable to iPad through USB-C to ethernet connector.
BionicBillWalsh
Posts: 285
Joined: Sun Oct 21, 2018 1:56 am
Location: Sandwich Islands

Re: iPad for Financial Transactions on the Internet

Post by BionicBillWalsh »

It certainly beats carrying gold bullion.

Heavy. Definitely not secure.
Jerry Garcia: If I knew the way...I would take you home.
illumination
Posts: 859
Joined: Tue Apr 02, 2019 6:13 pm

Re: iPad for Financial Transactions on the Internet

Post by illumination »

I honestly think it wold be more secure than using a desktop/laptop just because you are using the broker's app instead of a general browser where there is more likely to be malware or a virus. . But I'm far from being an expert in these things. I guess the only "weaker" link would be you'd have to use WiFi on a tablet instead of the option of a wired ethernet connection on a desktop, but that's really splitting hairs.

I just find the mobile/tablet OS usually doesn't have all the functions available as the desktop in an effort to be more streamlined. But for 99% of what you need, it's plenty. But getting things like tax forms would be tedious (at least for me) to do all on a tablet.
quantAndHold
Posts: 5015
Joined: Thu Sep 17, 2015 10:39 pm

Re: iPad for Financial Transactions on the Internet

Post by quantAndHold »

An iPad is arguably more secure than a laptop, since the hardware was designed in an era when security actually mattered, and since it does less stuff, the attack surface is smaller. Use the same security precautions as for a laptop (operating system and apps updated, good passwords, 2 factor authentication, etc). Using properly configured wifi is okay.

The only thing that's 100% secure is not having an account at all. But since that isn't useful advice, the iPad is probably fine.
Yes, I’m really that pedantic.
Silk McCue
Posts: 4806
Joined: Thu Feb 25, 2016 7:11 pm

Re: iPad for Financial Transactions on the Internet

Post by Silk McCue »

GS wrote: Wed Feb 12, 2020 6:51 pm Internet connection is cable to iPad through USB-C to ethernet connector.
I connect wirelessly at home. Away from home I only use hotspot connection to my iPhone. I feel very safe connecting to financial sites.

Cheers
rockylou
Posts: 121
Joined: Sat Feb 23, 2013 4:31 pm

Re: iPad for Financial Transactions on the Internet

Post by rockylou »

I do everything on my iPad, except completing my taxes. I did install vpn (included with my norton anti virus software) so hopefully safe if out using wifi
HawkeyePierce
Posts: 1480
Joined: Tue Mar 05, 2019 10:29 pm
Location: Colorado

Re: iPad for Financial Transactions on the Internet

Post by HawkeyePierce »

Wifi is fine. A VPN does not make you any more secure when doing financial transactions.
LoveTheBogle
Posts: 85
Joined: Tue Aug 13, 2019 5:53 pm

Re: iPad for Financial Transactions on the Internet

Post by LoveTheBogle »

rockylou wrote: Wed Feb 12, 2020 7:31 pm I do everything on my iPad, except completing my taxes. I did install vpn (included with my norton anti virus software) so hopefully safe if out using wifi
You may want to research what a VPN does.
TJHOFF
Posts: 13
Joined: Sun Sep 22, 2019 5:49 am
Location: Northern KY

Re: iPad for Financial Transactions on the Internet

Post by TJHOFF »

Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
Kagord
Posts: 396
Joined: Fri Nov 23, 2018 1:28 pm

Re: iPad for Financial Transactions on the Internet

Post by Kagord »

HawkeyePierce wrote: Wed Feb 12, 2020 7:43 pm Wifi is fine. A VPN does not make you any more secure when doing financial transactions.
Agree, I'd even say a VPN makes you less secure, it's another hop where someone could inspect your data, and it's all going through one gateway, likely. Albeit, an SSL session is pretty hard to crack.
User avatar
yangtui
Posts: 502
Joined: Sun Mar 30, 2014 1:32 pm
Contact:

Re: iPad for Financial Transactions on the Internet

Post by yangtui »

A properly maintained win 10 machine with a wired internet connection is secure enough. If you are extra paranoid, you can install a second instance of win 10 on the hard drive and only boot to it when you want to engage in sensitive activities.
thermalfama
Posts: 80
Joined: Sat Nov 26, 2011 9:38 pm

Re: iPad for Financial Transactions on the Internet

Post by thermalfama »

I'm an informatics engineer, and I only connect to services where being hacked would be very costly through my iPhone (which is as secure as an iPad), even though it's often less convenient than my fully-updated Windows PC. The iPhone I use is my main phone, not a separate device. It's a 6s so I'll have to buy a new one before they release the next iOS, as I don't expect they'll continue to support the 6s.
If you know how to recognize a phishing attack (checking the domain you're connecting to, not logging in after clicking links on emails) and if you are careful to check that you're connecting through HTTPS (the lock icon on the browser), then it's almost totally irrelevant where your wi-fi is coming from, public or not, because it's encrypted.
If you follow those precautions (if you know how to) and if you keep your device fully-updated at all times, apps and operating system (very important!), then your main vulnerability is getting hacked/having malware, which is much easier/more likely on a Windows PC (even with antivirus software), somewhat less likely on an Android, and extremely unlikely on an iPhone/iPad (unless hacking you is worth many, many millions of dollars -say you're Jeff Bezos-, in which case further precautions are warranted). That's part of the reason I wouldn't buy Android again (as my main phone) regardless of the features.
I second what's already been mentioned regarding strong passwords safely stored, and 2 factor auth.
HawkeyePierce
Posts: 1480
Joined: Tue Mar 05, 2019 10:29 pm
Location: Colorado

Re: iPad for Financial Transactions on the Internet

Post by HawkeyePierce »

TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
quantAndHold
Posts: 5015
Joined: Thu Sep 17, 2015 10:39 pm

Re: iPad for Financial Transactions on the Internet

Post by quantAndHold »

HawkeyePierce wrote: Thu Feb 13, 2020 10:16 am
TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
There’s always a >0 risk using a financial app on any device, anywhere. The only thing that’s completely safe is to not have the account in the first place.

That said, using a financial app on an iPad on public WiFi isn’t appreciably more dangerous than any other way of accessing the account, as long as you don’t try to override certificate errors. I have stayed in hotels recently where the captive portal was doing fishy stuff with certificates that the phone caught and stopped. But we can’t predict what attack vectors will surface in the future. Security is always a moving target.
Yes, I’m really that pedantic.
bryanm
Posts: 333
Joined: Mon Aug 13, 2018 3:48 pm

Re: iPad for Financial Transactions on the Internet

Post by bryanm »

quantAndHold wrote: Thu Feb 13, 2020 10:43 am
HawkeyePierce wrote: Thu Feb 13, 2020 10:16 am
TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
There’s always a >0 risk using a financial app on any device, anywhere. The only thing that’s completely safe is to not have the account in the first place.

That said, using a financial app on an iPad on public WiFi isn’t appreciably more dangerous than any other way of accessing the account, as long as you don’t try to override certificate errors. I have stayed in hotels recently where the captive portal was doing fishy stuff with certificates that the phone caught and stopped. But we can’t predict what attack vectors will surface in the future. Security is always a moving target.
Yep. And the bottom line is that a VPN creates one more layer between you and an untrusted channel. Granted, you have to trust the VPN channel, but I'm willing to bet Norton's VPN services are more secure than public Wifi. So using a VPN is still a recommended best practice even though in theory SSL is secure and you don't need it. It's belt-and-suspenders.
HawkeyePierce
Posts: 1480
Joined: Tue Mar 05, 2019 10:29 pm
Location: Colorado

Re: iPad for Financial Transactions on the Internet

Post by HawkeyePierce »

bryanm wrote: Thu Feb 13, 2020 12:02 pm
quantAndHold wrote: Thu Feb 13, 2020 10:43 am
HawkeyePierce wrote: Thu Feb 13, 2020 10:16 am
TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
There’s always a >0 risk using a financial app on any device, anywhere. The only thing that’s completely safe is to not have the account in the first place.

That said, using a financial app on an iPad on public WiFi isn’t appreciably more dangerous than any other way of accessing the account, as long as you don’t try to override certificate errors. I have stayed in hotels recently where the captive portal was doing fishy stuff with certificates that the phone caught and stopped. But we can’t predict what attack vectors will surface in the future. Security is always a moving target.
Yep. And the bottom line is that a VPN creates one more layer between you and an untrusted channel. Granted, you have to trust the VPN channel, but I'm willing to bet Norton's VPN services are more secure than public Wifi. So using a VPN is still a recommended best practice even though in theory SSL is secure and you don't need it. It's belt-and-suspenders.
You're assuming that the VPN strictly adds security when there's little reason to believe that's true. The VPN is *itself* an untrusted channel IMO. I have zero faith in Norton's ability to keep their VPN secure.

Using a VPN is definitely not recommended as a best practice by anyone who actually works in this field. They're an awkward kludge, not a security improvement.
bryanm
Posts: 333
Joined: Mon Aug 13, 2018 3:48 pm

Re: iPad for Financial Transactions on the Internet

Post by bryanm »

HawkeyePierce wrote: Thu Feb 13, 2020 12:37 pm You're assuming that the VPN strictly adds security when there's little reason to believe that's true. The VPN is *itself* an untrusted channel IMO. I have zero faith in Norton's ability to keep their VPN secure.

Using a VPN is definitely not recommended as a best practice by anyone who actually works in this field. They're an awkward kludge, not a security improvement.
Yes, I'm assuming that the VPN provider is more secure than public WiFi. That doesn't seem like a stretch to me--even if it is "untrusted," at least it's not generally open to the public. And mine aren't untrusted, since they either connect to my work network or my home.

Have a reference for the assertion that "VPN is definitely not recommended as a best practice by anyone who actually works in this field"? Here are a that few say you should.
lukestuckenhymer
Posts: 253
Joined: Wed May 30, 2018 11:53 am

Re: iPad for Financial Transactions on the Internet

Post by lukestuckenhymer »

Wi-Fi in your own home is generally secure as long as your Wi-Fi password isn't "password." Be a little wary of public Wi-Fi, because that is a lot more likely to be hacked.

There are many layers of security that overlay all banking websites today. All banking websites should have https:// at the beginning of their URL indicating that the website is secure and encrypted. Never enter your credit card or banking information on a site that isn't encrypted. If you're using Google Chrome, you will see a padlock next to the beginning of the url (search bar) indicating that it's encrypted. You can click on the padlock to see its security certificate. (Even Bogleheads.org is encrypted)

Beyond encryption, you should have two-layer authentication set up on all of your online banking accounts. This means that if you try to log in on a new computer (or if a hacker steals your login/pass and tries to log in) it will send a code to your phone to verify it's you (the hacker will be stuck). This is a very essential layer of security as well.

With these layers of security, I sleep pretty well at night.
HawkeyePierce
Posts: 1480
Joined: Tue Mar 05, 2019 10:29 pm
Location: Colorado

Re: iPad for Financial Transactions on the Internet

Post by HawkeyePierce »

bryanm wrote: Thu Feb 13, 2020 12:54 pm
HawkeyePierce wrote: Thu Feb 13, 2020 12:37 pm You're assuming that the VPN strictly adds security when there's little reason to believe that's true. The VPN is *itself* an untrusted channel IMO. I have zero faith in Norton's ability to keep their VPN secure.

Using a VPN is definitely not recommended as a best practice by anyone who actually works in this field. They're an awkward kludge, not a security improvement.
Yes, I'm assuming that the VPN provider is more secure than public WiFi. That doesn't seem like a stretch to me--even if it is "untrusted," at least it's not generally open to the public. And mine aren't untrusted, since they either connect to my work network or my home.

Have a reference for the assertion that "VPN is definitely not recommended as a best practice by anyone who actually works in this field"? Here are a that few say you should.
Not a single one of those sources is a security expert.

A VPN does absolutely nothing to protect your financial transactions compared to plain old HTTPS and only adds the risk of choosing an untrustworthy or compromised VPN provider. That's why it's a stretch to assume a VPN is more secure than public Wifi. You've simply added *another* attack vector without actually closing off any meaningful attack vectors.
bryanm
Posts: 333
Joined: Mon Aug 13, 2018 3:48 pm

Re: iPad for Financial Transactions on the Internet

Post by bryanm »

HawkeyePierce wrote: Thu Feb 13, 2020 1:42 pm
bryanm wrote: Thu Feb 13, 2020 12:54 pm
HawkeyePierce wrote: Thu Feb 13, 2020 12:37 pm You're assuming that the VPN strictly adds security when there's little reason to believe that's true. The VPN is *itself* an untrusted channel IMO. I have zero faith in Norton's ability to keep their VPN secure.

Using a VPN is definitely not recommended as a best practice by anyone who actually works in this field. They're an awkward kludge, not a security improvement.
Yes, I'm assuming that the VPN provider is more secure than public WiFi. That doesn't seem like a stretch to me--even if it is "untrusted," at least it's not generally open to the public. And mine aren't untrusted, since they either connect to my work network or my home.

Have a reference for the assertion that "VPN is definitely not recommended as a best practice by anyone who actually works in this field"? Here are a that few say you should.
Not a single one of those sources is a security expert.

A VPN does absolutely nothing to protect your financial transactions compared to plain old HTTPS and only adds the risk of choosing an untrustworthy or compromised VPN provider. That's why it's a stretch to assume a VPN is more secure than public Wifi. You've simply added *another* attack vector without actually closing off any meaningful attack vectors.
But you still haven't cited any experts to support your position.... I mean no offense, but it's hard to trust an anonymous poster over a variety of major news sources.

Edited to add: Speaking of "experts," here is Moxie Marlinspike (who has some relevant experience) saying "Riseup[, a VPN provider,] knows what they're doing ... VPN provides reasonable local confidentiality (public wifi)."
ChrisBenn
Posts: 441
Joined: Mon Aug 05, 2019 7:56 pm

Re: iPad for Financial Transactions on the Internet

Post by ChrisBenn »

One gotcha (with vanguard specifically) is that Vanguards terms and conditions for protections against electronic compromise of your account require running anti-virus/anti-malware on you mobile device - https://investor.vanguard.com/security/ ... ile-device

Anti virus can not meaningfully work on iOS due to apple's security model - and any anti virus app you get will be pointless at best and malware/spyware with a decent probability.

Will vanguard enforce this? No idea, and one would hope common sense would prevail (but, then it's not in evidence in that policy as it specifically calls out apple devices).
quantAndHold
Posts: 5015
Joined: Thu Sep 17, 2015 10:39 pm

Re: iPad for Financial Transactions on the Internet

Post by quantAndHold »

bryanm wrote: Thu Feb 13, 2020 12:02 pm
quantAndHold wrote: Thu Feb 13, 2020 10:43 am
HawkeyePierce wrote: Thu Feb 13, 2020 10:16 am
TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
There’s always a >0 risk using a financial app on any device, anywhere. The only thing that’s completely safe is to not have the account in the first place.

That said, using a financial app on an iPad on public WiFi isn’t appreciably more dangerous than any other way of accessing the account, as long as you don’t try to override certificate errors. I have stayed in hotels recently where the captive portal was doing fishy stuff with certificates that the phone caught and stopped. But we can’t predict what attack vectors will surface in the future. Security is always a moving target.
Yep. And the bottom line is that a VPN creates one more layer between you and an untrusted channel. Granted, you have to trust the VPN channel, but I'm willing to bet Norton's VPN services are more secure than public Wifi. So using a VPN is still a recommended best practice even though in theory SSL is secure and you don't need it. It's belt-and-suspenders.
Please don't use anything I posted as an endorsement of VPN services. Or anything Norton puts out, for that matter.
Yes, I’m really that pedantic.
TJHOFF
Posts: 13
Joined: Sun Sep 22, 2019 5:49 am
Location: Northern KY

Re: iPad for Financial Transactions on the Internet

Post by TJHOFF »

HawkeyePierce wrote: Thu Feb 13, 2020 10:16 am
TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
Very irresponsible comment. A simple google search on the lack of security using public WiFi vs your encrypted cellular network will show who's right.
softwaregeek
Posts: 564
Joined: Wed May 08, 2019 8:59 pm

Re: iPad for Financial Transactions on the Internet

Post by softwaregeek »

Also make sure you use 2 factor encryption.

Schwab offers a token this if you ask.
02nz
Posts: 5555
Joined: Wed Feb 21, 2018 3:17 pm

Re: iPad for Financial Transactions on the Internet

Post by 02nz »

The answer to OP's question is yes, but broadly, if you have practice basic online hygiene (e.g., not opening random links, only visiting trusted websites, keeping your OS and browser up to date, using 2-factor where available) there's next to no difference in risk between using an iPad just for this purpose and doing this on your PC or whatever. Maybe you reduce your risk from 0.00002% to 0.00001%, but there are much, much greater vulnerabilities out there (e.g., the Equifax hack) that this does nothing to address. If anything it may create a bit of a false sense of security.
HawkeyePierce
Posts: 1480
Joined: Tue Mar 05, 2019 10:29 pm
Location: Colorado

Re: iPad for Financial Transactions on the Internet

Post by HawkeyePierce »

TJHOFF wrote: Sun Feb 16, 2020 1:29 pm
HawkeyePierce wrote: Thu Feb 13, 2020 10:16 am
TJHOFF wrote: Thu Feb 13, 2020 6:53 am Things to make it more secure: Use a cellular enabled iPad, turn off bluetooth and WiFi in public, use 2 factor authentication.
There is NO risk of using a financial app on your iPad on public Wifi. Zero, nada, zilch.
Very irresponsible comment. A simple google search on the lack of security using public WiFi vs your encrypted cellular network will show who's right.
Apple requires all iOS apps to use HTTPS. You are not at risk of using your Vanguard app on a wifi hotspot.
Post Reply