🌐 On the Go

Protection on the Go

Public Wi-Fi, effective VPN use, password managers, mobile security, travel setup — what really protects you without paranoia.

🔐 Data Protection CompendiumProtection on the Go

At home on your own Wi-Fi router, security is relatively simple. On the go, it gets more complicated: cafe Wi-Fi, hotel hotspot, airport network, foreign power outlet with USB port. Here, we show what is genuinely at risk – and what is just marketing scare tactics.

📋 Page Contents

📶

Public Wi-Fi — What's Really Dangerous?

"Hackers can snoop on you in public Wi-Fi!" — this warning used to be very valid. Today, the situation is more nuanced. Here's an honest assessment for 2026.

What's protected by HTTPS today?

Virtually all modern web traffic runs over HTTPS. This means that even if someone on the same Wi-Fi network intercepts your data, they only see that you visited, for example, amazon.de — not what you did there, which product you viewed, whether you were logged in, or what you bought.

What's still risky?

Fake Hotspots ("Evil Twin")

Attackers set up a Wi-Fi named "Starbucks_Free" or "Airport_WiFi". Those who connect go through the hacker's router. The hacker can't read everything but can manipulate login pages.

Captive Portals

The "login page" for hotel Wi-Fi. Here, attackers can inject fake login pages or distribute malware. Be careful with "accept certificates".

DNS Manipulation

Attackers can manipulate DNS responses and redirect you to phishing sites — which then look deceptively real. HTTPS only protects against this if you take certificate warnings seriously.

Unencrypted Connections (rare)

Apps or websites that still use HTTP instead of HTTPS can be completely read. Rare in 2026, but not impossible — old websites, poorly programmed apps.

What you should do

  • Check hotspot names — if unsure, ask staff
  • Take HTTPS warnings seriously — if it says "not secure" or there are certificate errors: disconnect
  • Avoid online banking on café Wi-Fi — purely as a precaution
  • Use VPN for sensitive actions — if needed, not reflexively
  • Use your smartphone's own hotspot feature if it's important

📊 Realistic Assessment

In everyday life in a normal café Wi-Fi, something happens to you statistically very rarely. The bigger danger: phishing via email, hacked online accounts, weak passwords. If you have that under control, you don't need to panic about public Wi-Fi.

🔗

VPN — When is it useful, when is it marketing?

VPN providers advertise "complete anonymity on the net." This is simply false. What VPNs can really do – and what they cannot:

What VPN actually does

  • Encrypts your connection to the VPN server (in addition to HTTPS)
  • Hides your IP address from visited websites
  • Conceals your traffic from your internet provider
  • Allows geo-spoofing — use German media libraries from abroad, or vice versa

What VPN does not do

  • Does not make you anonymous — cookies, tracking, login data will still identify you
  • Does not protect against phishing — you will still click on the wrong link yourself
  • Does not protect against malware — viruses will still get through if you activate them
  • Does not hide you from Google/Facebook — they identify you via your account, not your IP
  • Does not make traffic "completely secret" — the VPN provider sees your traffic

When is VPN truly useful?

Access German content abroad

ARD Mediathek, ZDF, Sky — many services are blocked outside Germany. VPN with a German server helps.

In censored countries

China, Russia, Iran — free internet is restricted there. VPN bypasses blocks (even if it's illegal in some countries).

In truly insecure networks

Hotel Wi-Fi in questionable countries, airport networks with mandatory login — useful as an additional layer.

Against ISP tracking

If you don't want your internet provider to see which websites you visit — VPN hides this (but you trust the VPN provider).

Important when choosing a VPN provider

  • No-logs policy — the provider does not store connection data
  • Headquartered in data-privacy-friendly countries — not USA, China, Russia
  • External audits — the no-logs policy has been independently verified
  • Servers in many countries — for flexible geo-selection
  • Paid, not "free" — free VPNs often sell your data themselves

🟡 Avast VPN — Thoughtful instead of Overblown

Avast VPN offers all important features without marketing exaggeration: no-logs policy, thousands of servers in over 50 countries, AES-256 encryption, kill switch (automatically disconnects if VPN drops). Works on PC, Mac, Android, and iOS – one account for all devices.

Convenient: Also included as an integrated component in Avast Mobile Ultimate – if you're on the go, you have everything in one.

View Avast VPN →

⚠️ VPN is not a panacea: If you browse all day through VPN, but are logged in everywhere with your real name and click on every phishing link, you don't have better security – just a different provider who sees your traffic.

🔑

Password Protection

The most common cause of hacked accounts is not sophisticated hacks, but rather: weak passwords and reuse. A systematic approach helps most here.

The Three Rules for Good Passwords

  1. Long — at least 16 characters, preferably 20+
  2. Unique — a different password for each service
  3. Unpredictable — no birth dates, no dictionary words

The Reuse Problem

If your LinkedIn password was leaked in 2021 and you use the same password for your bank: bots will try it. This is called "credential stuffing" and is currently the most common attack vector. Solution: a password manager.

Password Manager — The Only Practical Solution

No one can remember 50+ unique passwords. A password manager stores them all; you only need one master password. It auto-fills login fields, generates secure passwords, and warns you about leaks.

Options

  • Bitwarden — Open source, free in the basic version, highly recommended
  • 1Password — Commercial, excellent usability, family license
  • KeePassXC — Open source, local (no cloud), for the cautious
  • Browser-based password managers — convenient, but everything in one place poses a risk

Two-Factor Authentication (2FA)

Even if your password is leaked: with 2FA, the attacker still can't get in. A second factor (code from the authenticator app, SMS, hardware key) provides additional protection.

  • Authenticator apps (Authy, Google Authenticator, Microsoft Authenticator) — more secure than SMS
  • SMS-2FA — better than nothing, but vulnerable to SIM swapping
  • Hardware keys (YubiKey, etc.) — highest security, a bit more expensive

🟡 Steganos Privacy Suite — Password protection included

If you want password management as part of a broader data protection package: Steganos Privacy Suite offers an integrated password manager with AES-256 encryption, encrypted vaults for files, a secure file shredder, and a trace remover — all in one software.

View Steganos Privacy Suite →

💡 Most important accounts first: Before migrating all 80 passwords, start with the 5 most important ones — primary email address, main bank, tax identification, cloud storage, main social account. If these are secure, nothing major can happen.

📱

Mobile Security

Smartphones are now the most important computer device for most people — and thus the most valuable target for attacks. Mobile security is therefore at least as important as PC security.

The Basics

  1. Activate screen lock — fingerprint, face, or PIN (at least 6 digits)
  2. Apps only from official stores — Play Store, App Store. Sideloading only if you know what you're doing
  3. Apply updates quickly — security patches are not optional
  4. Check app permissions — why does a flashlight app want access to contacts?
  5. Encryption active — standard on iOS, check in Android settings

App Hygiene

  • Regularly clean out — apps you haven't used in 6 months: get rid of them
  • Review permissions per app — pay attention to location, microphone, camera, contacts
  • Restrict background activity — terminate apps that are constantly active
  • Check trackers via App Tracking Transparency (iOS) or Privacy Dashboard (Android)

Theft Prevention

  • Activate "Find My Device" — Google Find My Device / Apple Find My
  • Regularly back up data — cloud backup or local
  • Set up emergency functions — quickly lock or remotely wipe in case of loss

What does mobile antivirus offer?

Very little on iPhone — iOS is very closed off, malware risk is low, antivirus can do little technically. Useful on Android: there is indeed malware there (especially in third-party stores or through sideloading). Plus modern suites offer anti-phishing, app scanners, theft protection, VPN.

🟡 Avast Mobile Ultimate — Complete package for your phone

Avast Mobile Ultimate bundles antivirus, anti-phishing, app scanner, webcam protection, theft protection, and VPN for Android and iOS. Practical: one license for all family devices.

Especially useful: The anti-phishing protection checks URLs in WhatsApp, SMS, and emails before you click. This can make a big difference, especially on a smartphone (smaller screen, quick click).

View Avast Mobile Ultimate →

✈️

Travel Setup for On-the-Go Security

For travel — especially abroad — a well-thought-out setup is worthwhile. What makes sense, what's overkill?

Before the trip

  1. Make a backup — fully back up your smartphone and laptop
  2. Clean up devices — remove old apps, free up storage
  3. Set up travel essentials — VPN app installed & tested
  4. Check password manager — accessible from all travel devices?
  5. 2FA backup codes — in case the authenticator app stops working due to SIM swapping
  6. Emergency contacts — bank hotlines, police, embassy in the destination country

What to bring?

  • USB travel charger — avoid using unfamiliar power outlets with unknown USB ports
  • Your own data cable — safest option
  • Your own mobile hotspot — if public Wi-Fi networks aren't trustworthy enough for you
  • USB data blocker ("USB Condom") — if you absolutely must use unfamiliar ports, it blocks data lines, allowing only power through

In special cases

  • Travel to authoritarian countries — separate travel devices with minimal data, wipe later
  • Business travel with sensitive data — encryption is mandatory, if applicable, observe company travel IT policies
  • Longer stay — consider a local SIM card, keep German number for 2FA

During the trip

  • Use hotel safe for devices you don't need
  • Lock screen every time you put the device down
  • Connect to Wi-Fi only after checking — ask hotel staff for the correct name
  • Perform sensitive actions via VPN — online banking, email, sensitive logins

📊 Pragmatism over paranoia

For most trips — a weekend in London, a family holiday in Mallorca, a business meeting in Paris — it's enough to have a well-secured smartphone, an active password manager, and a VPN on your phone for emergencies. More is usually overkill and only leads to things not working when you need them.

🌐

Tools for Secure Mobility

Avast VPN for on-the-go. Avast Mobile Ultimate for complete smartphone protection. Steganos Privacy Suite for password manager and encryption.

🔗 Avast VPN 📱 Avast Mobile 🔒 Steganos
More in the Data Protection Compendium:
🔐 Hub 🪟 Windows Data Protection ⚠️ Online Security