Used MacBook Pro on hotel wifi!!!!

[chubbles]

Hey Folks I'm old and did a dumb thing and need advise what to do!

While at a hotel I used my computer on the hotel wifi and even left it in sleep over night with auto backup on. I have FileVault on, and am going through my passwords and changing them. I have been reading about changing my Apple ID password, that looks to be quite complicated and thus risky.

Any help would be greatly appreciated!

This brings up the question. should one periodically change Apple ID password.

Thanks,
Dumb and Old chubbles

 

[Chester Stone]

I don't understand the problem. Are you afraid someone at the hotel stole your passwords? Do you type your passwords in plain text and save them in a file that you back up?

I think they get encrypted end-to-end, meaning that someone that looks at the channel during transmission wouldn't be able to decode the original text. But I also am naive and would think that hotel technicians have better things to do than spy and try to decode guests' passwords.

TLDR: I think you are safe, and you don't need to change your passwords. But periodically changing them is a good idea, and if you notice funny business, then you can change immediately. But I wouldn't do anything just because you backed up over hotel Wi-Fi.

 

[Apple_Robert]

You don't need to change your Apple ID password. You are fine. You had FileVault on your drive which is encrypted at rest. If you need to use Public Wifi in the future, make sure you use a VPN.

 

[Toutou]

I wouldn't worry too much. Most of the traffic between your Mac and the internet is encrypted (basically anything sensitive is) and isn't significantly more vulnerable on the first/last leg of the journey (between your Mac and the Wi-Fi access point) than on the rest of the journey (dozens of hops between different computers that form the internet infrastructure, any one of which can be compromised).

The reason why connecting to an unknown WiFi can be dangerous is that most WiFi networks are configured in such a way that other computers on the same network (other guests of the hotel, café, gym etc.) can see and talk to your computer, i.e. send data to it.
And when that happens AND there is a hole in your computer's network security (you disabled the firewall, you have a SSH daemon running with a weak password, you left a server running if you're developer maybe, you have file sharing enabled with a weak/no password, things like that), potential malicious actors on the network will be able to find it rather quickly (i.e. just flood your machine with all sorts of messages/commands/request and see what sticks).

The chances of all this happening (malicious actor on network, your Mac vulnerable) aren't very high.

 

[FHoff]

Ive used various hotels wifi for years. Never had an issue.

 

[chubbles]

Hey Y'all thanks for all the replies!

I have been worried and have avoided my financial websites. I will proceed with my password updates and then start learning about using VPN's.

It's great having concerned helpers!

You Folks are Great,
chubbles

 

[grahamwright1]

If you are worried about virus / malware infections on your MacBook then download something like Eset Cyber Security (https://www.eset.com/ca/home/free-trial/) and let it check out your MacBook for any problems. When it's finished, either uninstall it or purchase a license

Moving forward the other recommendations about using a VPN service when you are in a public location or on a public wifi makes very good sense! No need to change your AppleID.....

 

[Toutou]

I'd like to point out that from a security standpoint a VPN will only cover the most obvious and blatant vulnerability - unencrypted traffic to/from the internet.
What a VPN (or what is marketed to consumers as a VPN, the term itself is actually a little broader) does is that it takes traffic from your Mac, even unencrypted traffic, and passes it safely through the unsafe/untrusted network you're currently in via an encrypted channel to a server located in a safer part of the internet (in your VPN provider's infrastructure), which then releases the traffic to the wild just as your Mac would if connected to that same point, and vice versa.
So any passwords to websites that still use HTTP instead of the more secure, encrypted, HTTPS will still bounce around different machines all over the internet, just not through the routers of that particular hotel you're in. The number of websites still on HTTP is getting smaller every day and you can absolutely count on the connection to your bank, email provider or social network to be encrypted.

There are no other security benefits to using a VPN, it will not shield you from things like malicious actors probing your machine within the same network.

 

[chubbles]

Hey Folks I'm back and embarrassed that I've been gone so long, surprise I was having computer problems.

Thanks grahamwright1 and Toutou your inputs are appreciated AND will be followed! I find Toutou"s particularly interesting given what FHoff posted.

Now I'll try to be helpful to others. Given my situation I reviewed my passwords, many were too old, so I started updating some and the password change cut me off from my retirement investment website. I spent most of the daylight hours of 4 days getting that problem solved. During that time my computer would not allow me to access Finder or KeyChain Access and was running slow. I blamed the slowness on Big Sur update--WRONG. I was using a docking station by WaveLink. While working on my problems I disconnected the docking station and powered using the power adapter that came with the computer--?Wow. ALL my computer problems vanished and the machine runs way faster. It wakes from sleep in a flash and videos load in a 1/3 the time. the docking station is only 9 months old, but I will never connect to it again.

I've been looking at docking stations, but they all seem to get too many negative reviews, so I might try to design a work station using Apple dongles.

Thanks again for all great help, and info.
chubbles