Yeah VPN question does not seem OK. And I got some issue with 2-step auth vs. 2-factor auth, which looks somewhat loosely defined.
This question isn't quite right:
What does the “
https://” at the beginning of a URL denote, as opposed to "http://" (without the “s”)?
You correctly answered
That information entered into the site is encrypted
Actually the information I received from the site was encrypted at least for the file or page in the URL bar. That said, some elements may be from insecure sources like adding an HTML IMG tag to bring in an image from a regular http site. Additionally, HTML forms generally have a POST and rarely a GET method. When POST is used, it sends the data to a dynamic server-side script like a .pl, .cgi, .php, .asp, .aspx, .jsp or similar. There is NO guarantee that is secure or that it even goes to the same website. Someone could setup a form on a secure site to POST data to
http://insecure.tld/someparser.php and it would be sent in clear-text.
Agree completely that there is a difference between two-factor authentication and two-step authentication. Two factor usually uses a token and a password or PIN, can send an email, etc. It is like the Google Authenticaor. Two-step auth is merely having the user recognize a photo, deal with a CAPTCHA or some other process to make logging in take an extra step.
WTh!5Z is the most secure password because it has uppercase, lowercase, symbols, and numbers.
It CAN be safe to do online banking over airport WiFI. If the bank uses a high quality Cipher, hash, and key exchange, and you VERIFY the certificate is not a man-in-the-middle substitution then you have true, private encrypted connectivity to the bank.
They say VPN makes WiFi safe, and it CAN but it doesn't necessarily. What it generally does is tunnel 0.0.0.0/0 over the tunnel, which is encrypted point to point, so you have no clear text on unencrypted WiFi and can safely access unencrypted sites via HTTP. That said, most VPN has taken a trend to deliver a split-tunnel this day and age. If I connect into my work, I have differnet profiles including the all above, but I might just tunnel 10.0.0.0/8 back in providing a split tunnel. In this case the WiFi for the Internet would likely go through the airport's 192.168.0.0/16 or their 172.16.0.0/12 direct and NOT the tunnel.
Hence the people making these don't really always have the best information on the tests.
