Summary – Virtual private networks (VPNs) can serve several purposes, but one of the most important is the role it plays in your security.
VPNs work by having your computer connect to the VPN’s server and then connect to a website through that server.
VPNs have certain security and privacy procedures in place to protect your computer from malware, hacking, and tracking.
In this article, we’ll discuss the importance of VPN security, what to look for regarding VPN security, and determine which VPN providers are the most secure.
Why is a Secure VPN Necessary?
A virtual private network provides you with security and privacy, a vital component for cybersecurity in the digital landscape.
There are three things in particular which can be detrimental to your digital presence: malware, hackers, and snoopers.
Malware is malicious software that contains some type of threat to you or your devices, such as computer viruses, spyware, adware, keyloggers, and ransomware.
These kinds of software can slow down or shut down your computer, collect sensitive data, or be used to coerce you into paying a nefarious individual to protect data from being released or regain access to your computer.
You may think that because you aren’t going to any disreputable websites, you should be fine, but it’s not uncommon for legitimate websites to have malware on them which was placed there by someone who hacked the website.
Hackers are individuals who can use various means to gain entry into your computer and then use that access for whatever they are seeking.
Snoopers are people who track internet activity and may be advertising companies, governments, or even the websites you are visiting.
Most websites you visit track your IP address, allowing them to study how people use their website and then use that information to improve their site.
Some sites, especially chat sites (think Omegle or Chat Roulette), may use your IP address to identify you, log all your activity on their site, and even block access to their site if they decide to ban you.
File sharing and torrenting sites are able to track your downloads and determine what files you share and connect them to your IP address, which can then be used to hold you liable if you happen to share or download any copyrighted or illegal material.
In fact, torrenting is one of the most common reasons people look for a safe VPN.
Governments can use the tracking of these websites in investigations and can also monitor your internet activity for whatever reason they want.
By using a safe VPN, you can ensure that the IP being tracked is that of a VPN server, not your device.
Many virtual private networks make a point not to track any of your information, making it very difficult, if not impossible, to connect you to any specific internet activity.
This also makes it possible to change your IP address quickly and easily if you happen to get banned from a website.
What Security Features to Look for in a Secure VPN?
Protocols control the connection between your device, the VPN server, and the internet.
There are several protocols to choose from with most VPN providers and each has their own strengths and weaknesses; however, currently OpenVPN is the protocol we recommend for the greatest level of security due to its high encryption options, open source development, and because there is no evidence it has ever been compromised, even by the NSA.
2. Encryption Types/Levels
Encryption secures your data while it is transmitted to and from websites on the internet, preventing people from being able to see/understand your data even if they are able to capture it.
Currently, the highest level of encryption used publicly is 256-bit; however, 128-bit encryption is still passable, but not as uncrackable as 256-bit.
There are also different types of encryption, such as AES, RSA, and TwoFish/Blowfish. AES is generally considered the best encryption option, particularly when it’s at the 256-bit level.
3. DNS Leak Protection
When your browser makes DNS requests and you are using a virtual private network, even your ISP (internet service provider) should not be able to track what those requests are and, thus, what you are doing online.
However, the security features on a VPN have weaknesses which will occasionally (or regularly) “leak” those DNS requests to your ISP, allowing your ISP to track your online activity.
DNS leak protection is an added layer of security to prevent any such leaks of DNS requests to your ISP or anyone else.
4. WebRTC Leak Protection
If you are using a VPN for voice chat, video chat, or filesharing, that communication can, at times, allow for your IP address to be discoverable.
Web Real-Time Communication (WebRTC) protection blocks these leaks and can be provided by your VPN, offering you further security protocols.
5. A Kill Switch
Connections to VPNs are not perfect and there are times when those connections will fail, with the most common reasons being unstable protocols, firewall/router settings, weak wifi signals causing data loss, and congestion on the VPN server.
When your connection to a VPN server fails, your computer automatically switches to using your public IP given through your ISP (going to a direct connection).
This action exposes your IP and your device and, because your device will do this automatically, you may not even be aware it’s happened.
A kill switch automatically stops your device’s connection in the case of your VPN connection failing, thus preventing your device from being exposed and keeping your IP address hidden.
It is one of the most important features of a secure VPN.
6. IP Switching
Even when using a virtual private network to have a different IP address, if you are always using the same VPN IP, it can leave you vulnerable to banning by websites or some level of tracking your internet activity.
IP switching is a feature which automatically changes your VPN IP periodically to prevent any tracking or banning issues.
A VPN can provide an additional level of protection from hackers and snoopers by running your connection through two servers as a way to keep people from being able to hack your connection or track your activities.
A DoubleVPN isn’t absolutely necessary for most people, but if you think people may actively be trying to hack or track your connection, it’s a nice feature to be able to implement. Be prepared, however, for your connection speed to drop significantly.
8. Logging Practices
This is really more of a privacy feature than a security feature, but some VPNs track and log your IP and your online activity while others don’t. The less your VPN provider logs, the less information that can be retrieved.
Most Secure VPNs 2019
Now that you know why security is important and what to look for, which VPN providers have the most secure virtual private networks?
Is ExpressVPN Secure?
ExpressVPN is a very strong option for individuals seeking the best VPN for security.
They offer OpenVPN with AES 256-bit encryption, an RSA-4096 handshake (which establishes a secure connection between your device and the VPN) and (HMAC) SHA-512 keyed-hash message authentication code which secures data transfer.
They offer DNS and WebRTC leak protection, a kill switch, and IP switching while not logging IP addresses or internet activity.
ExpressVPN tops the list in pretty much every security measure, but they do not offer doubleVPN like NordVPN does.
In addition to being very secure, ExpressVPN is also one the fastest VPN available, as you can see in our review of the fastest VPNs.
Is CyberGhost Secure?
CyberGhost is another strong choice for users seeking a solid tool for maintaining digital security.
CyberGhost uses two channels, a data channel, and a control channel.
The data channel offers OpenVPN with AES 256-bit encryption and SHA256 hash authentication while their control channel offers OpenVPN with AES 256-bit encryption, RSA-4096 key encryption, and SHA384 hash authentication.
There is a difference between HMAC and simple SHA hash authentication where SHA hash authentication is prone to length extension attacks that HMAC would prevent.
CyberGhost does offer a kill switch, IP switching, WebRTC leak protection, and DNS leak protection; however, some tests have shown DNS leaks are not entirely prevented.
CyberGhost is no slouch when it comes to security, but the SHA hash authentication and potential DNS leaking prevent them from topping the list.
Is NordvVPN Secure?
NordVPN is a very secure option for users who want a secure, well-balanced VPN.
NordVPN’s has two things that make them stand out. They have a no logs policy, where they do not log anything about you or your internet activity, and they offer a DoubleVPN option.
They offer OpenVPN with AES 256-bit encryption for Windows and Android devices, but IKEv2/IPsec for iOS and MacOS. IKEv2 is a secure protocol, but there are rumors that IPsec has been compromised by the NSA and possibly others.
NordVPN uses an RSA-2048 handshake and HMAC SHA256 data authentication which is slightly less secure than an RSA-4096 handshake and (HMAC) SHA-512.
They offer a kill switch, IP switching, DNS leak protection, and WebRTC leak protection as well.
NordVPN is right at the top of the list for security with ExpressVPN.
It’s not quite as strong with handshake and data authentication, as well as not offering OpenVPN for iOS and MacOS, but they add a whole new level of security with their doubleVPN option, if you need it.
Having a secure virtual private network is a must and there are plenty of options out there where you can have a very safe and secure VPN.
You may not be able to stop every possible attack or privacy leak all the time, but you can certainly make it much less likely that you will fall victim to one by implementing proper security protocols.