I use NordVPN on my laptop fairly rarely as I’m usually at home on my PC. I’ve now noticed that every time I try to connect to VPN on my laptop for the first time in a new hotel, it opens up Chrome and prompts me for my NordVPN username and password.
So my question is this: doesn’t this kind of defeat the purpose of the VPN? i.e. to protect myself from potential password pirates on the hotel internet, I first need to type in my actual VPN password while unprotected… That seems completely counterintuitive to me. I don’t know what the solution to that would look like, but it frustrates me every single time and I end up doing it because there’s really no other choice if I want to connect to VPN.
Lol, yeah sending passwords is done over https which is encrypted. If you’re using Nord for “protecting passwords” congrats, you’ve realized you’re buying snake oil.
It’s pretty simple. Search for OpenVPN for Android/Windows etc. Download and install it. Create a new VPN profile. It’ll ask for the OpenVPN file which you can download from Nord https://nordvpn.com/ovpn/ and upload it to the OpenVPN app. It’ll ask for the username and password. Find the OpenVPN username and password from Nord’s manual configuration section. Save it and click connect. Remember to turn off IPv6 in settings.
So the majority of web traffic is almost exclusively HTTPS, which is HTTP + TLS.
Lots of info:
Easier to understand video:
VPN ads pretend HTTPS doesn’t exist, even though that protocol has been enforced by browsers like Chrome for 5+ years and encouraged by search engines such as Google for about a decade.
HTTPS and IKEv2/IPSEC (or whatever protocol you have your VPN using) use the same cipher suite (encryption) which will probably be TLS_AES_256_GCM_SHA384. It’s essentially the same protection either way you do it.
