How Do I Know VPNs Won’t Intercept Bank Login Details

By now, you hopefully know that using a VPN is vitally important for your security. Obscuring your IP address and internet activity keeps you safe from prying eyes. But when using a VPN, how can you be sure that the VPN provider isn’t intercepting sensitive information, like your bank login?


Assuming your VPN is trustworthy (which you can’t be sure of with a free VPN), the answer is encryption. Whenever you use a VPN, the security that it offers builds on top of the security that’s already built into secure websites.

Let’s take an example.

When you visit Bank of America’s website, you’ll see a green padlock icon in the URL bar. This shows that you’re connected using HTTPS, and thus the sensitive information you transmit — even without a VPN — is secured by encryption. Only your machine and Bank of America’s servers can read what’s sent.

If someone intercepted the data during transmission, they wouldn’t be able to read it. They might know know that you visited Bank of America’s site, but they couldn’t read the data itself that you sent.

What happens when we introduce a VPN into the equation?

Say you’re on a VPN connection when you log in to Bank of America. The sensitive information you send to the website is still encrypted before it gets sent to the VPN server, and it only gets decrypted when it reaches Bank of America’s server. Even though your bank login passes through the VPN server, the VPN server can’t read it.

The bottom line is that your passwords aren’t ever sent through the VPN — only an encrypted hash of them.

As discussed in our explanation on encryption, breaking this with brute force would take over a million years using modern supercomputers. Thus, when connecting to properly secured sites, a malicious VPN provider would only end up with a useless encrypted string if they tried to steal your login info.

 How Does Encryption Work, and Is It Really Safe?Read More

There’s only one way that a VPN provider could steal your login details: by setting themselves up as a man-in-the-middle attack. Theoretically, installing VPN software could allow a company to set up their own certificate as a trusted authority on your computer. This would fool your browser into thinking that insecure sites are actually safe.

With a reputable VPN, however, there’s next to no risk of this.

Have you ever worried about your security when using a VPN? If you don’t use a VPN, why aren’t you using one yet? Tell us what you think in the comments below!

Leave a Reply