Critical controls
Before login
- Confirm hotspot name with trusted staff or official signage.
- Disable auto-join for previously seen unknown networks.
- Start VPN before opening account-sensitive apps.
During session
- Use passkeys or app-based 2FA, not SMS where avoidable.
- Avoid clipboard-based OTP sharing between apps.
- Log out after completing sensitive tasks.
FAQ
Can VPN prevent all account compromise?
No. VPN protects network transport, but account protection also depends on identity and device security.
What is the policy scope of this guide?
Security guidance only; not financial advice. Follow local laws and platform terms.