If you have ever travelled out of country or even travelled interstate or used someone else’s computer you will have received an email from google, yahoo, twitter, Facebook etc saying they have “Detected suspicious account activity” and either ask you to prove your identity, confirm it was you using the foreign computer or they simply temporarily prevent access to your account until you have entered a verification code, clicked on a verification email or answered a series of verification questions.
All are major inconveniences if you are not prepared for them or you are in a hurry to do something.
With the current level of fear and concern about internet security it is expected that service providers protect our account so carefully. But they don’t cater for the traveller. They expect everyone to stay put in the same country using the same computer.
They generally protect your account by detecting the computer and location you normally use to access there platform and record this in a profile they keep about you. If you travel or as we do sometimes let our staff in the Philippines access our accounts then the alarm bells go off saying someone suspicious is trying to access an account they shouldn’t.
We don’t want suspicious people accessing our accounts. But we do want to be able to access our own accounts from anywhere in the world at anytime without being stopped by the gatekeeper. Nor do we want to jump through multiple hoops before we can do something simple like check our email or post a video to YouTube.
Of course it’s even more difficult with some social media and banking apps. The ones using two step verification. Who require a mobile phone number associated with your account. Each time they detect a problem or you log in, they may send a verification code to your phone. Dragging a phone number around the world accumulating data roaming charges is nothing but a bad joke and its not even certain your carrier will have a reciprocal agreement in places you visit.
So what’s the solution to prevent Detected suspicious account activity?
Planning and preparation before you leave
A little advanced planning alway helps and some service provides enable you to setup multiple recovery methods to gain access to your accounts if they are suspended or suspicious activity is detected. It’s a good idea to activate as many of these as you can and record there details in a safe storage place like 1Password or even the IOS keychain (Apple users only). You will need access to the information as you are going to make mistakes and get caught out while traveling. We can attest to this. With five people in our crew and twenty or more accounts between us, it happens at least once in every country we visit.
Make sure to add a secondary email or recovery email address to all your Google accounts, facebook, twitter etc if they have them. Setup the two or more security questions with Apple ID your bank and any other accounts that use this method for verification.
If you are using two step verification method connected to a mobile number. A number that may or may not work in every place you visit it might be an idea to turn off two step verification and improve your password instead.
Find out how to change the phone number associate with your account so you can change it easily each time you purchase a new sim card.
This is a little harder to manage if your bank doesn’t provide the service but bank with someone that uses in application verification rather than two step verification.
Virtual Private Network Trickery
This sounds wrong but it is really the best solution. If you don’t want to invoke the suspicion activity gremlins then trick them into believing you never left home.
The trick has two parts. Firstly take your laptop, tablet and/or phone you use at home so you are using the same device to access your account and install on that device a piece of software that can setup a Virtual Private Network (VPN) some times referred to as a tunnel.
So what does this software do?
A VPN creates a virtual pipe between your device and a server in your country of origin. The pipe is invisible to anyone viewing your internet credentials and location. So it appear to everyone that your device is actually located where the server is located. You appear to be at home or at least within the country where you setup the accounts. So the suspicious activity gremlins stay asleep.
To make a VPN work you need three things a device (computer, tablet, smartphone), some VPN software and a server (larger computer) in your country of origin. Of course both your device and the server must be connected to a reasonably faster internet connection.
Importantly for this to work properly the server has to be able to establish an anonymous VPN connection. These are called anonymous private networks because the pipe is fully encrypted all communications between your device and the server are encrypted and essentially private until they flow from the server into the internet. All information about your location and originating IP address are stripped away and replaced by the servers own details.
How do you create a VPN?
There are multiple ways to create a VPN and just as many protocols to use but the real issue is the server. Unless you want to spend money setting up your own dedicated server to connect with from all over the world you are going to have to use someone else’s server.
Fortunately there are hundreds of anonymous server established in most countries. So then it becomes a process of finding a sever in your country of origin with enough speed and availability, plus a easy way to run the VPN from your devices.
We use the following applications Tunnel Bear and OpenVPN. Both offer a free service but if you want speed, reliability and proper anonymity then you will need to purchase access to a good dedicated server or in the case of Tunnel Bear a set of servers world wide.
Speed is the major concern as setting up a VPN incurs some over heads and does make the internet appear a little slower. We have found that for best results at least 1 mb/s for both upload and download is require. This will give a VPN connection with about 80% that speed if connected to a fast server.
The free servers are generally so over crowded that speeds seldom exceed 0.4 mb/s. In places where we have had excellent internet. Speeds of 10mb/s and above we have been able to achieve speeds with Tunnel Bears full service around 8 mb/s.
Since Tunnel Bear is a private system you can only access their certificate’s if you signup to their service. On the other hand there are numerous OpenVPN servers and many publish their connection credentials making it easy to setup a VPN no your device.
Problems with VPN’s
There are a few problems with VPN’s
Firstly they can make the internet speed slower so they are not advisable in every situation and should probable only be turned on when trying to use an account you know will result in a suspicion account activity message.
Some service providers don’t like their patrons using VPN’s because the data being transferred between your device and the VPN server is hidden from them. In other words they can’t monitor what you are looking at. It has become less of a problem now that Google and other platforms use SSL connections, effectively setting up VPN connections every time you browse their sites. The different being these connections are not anonymous and some data is available to the service provider. So be careful using anonymous VPN connections can be view as subversive activity in some countries.
In a similar vain some service provider will limit all forms of tunnelling so they can manage bandwidth more effectively. We experienced a satellite link in Greece that dropped all tunnels to non whitelisted servers during peek usage periods. Making it impossible to avoid the dreaded suspicious activity problem if you logged on during these period.
Finally we have experienced some problems with Tunnel Bear when using its connect on demand capability. If the connection cannot be established Tunnel Bear will continue to try to establish a connection without notification of an issue and therefore effectively preventing any connection to the internet. A difficult situation to resolve if you don’t know how to turn off the on demand feature.