These days, banking is (literally) at your fingertips. If you want to deposit a check or see what’s left in your account, all you need is a smartphone and an app. Banks take your security seriously, but that doesn’t mean your data isn’t vulnerable. Keep using that convenient banking app; just steer clear of these dumb mistakes.

Man wearing striped shirt using smartphone © iStock

Banking on public Wi-Fi

You wouldn’t shout your account number from your rooftop, would you? Then you shouldn’t bank on public Wi-Fi either. These networks typically don’t require logons or passwords, making them vulnerable to hackers. Not only are you in danger of a bad guy spying on your machine, some hot spots have terms and conditions that allow the owner to monitor your device, says Bill Horne, telecommunications expert and moderator of the Telecom Digest.

“The secure connection you thought you had going all the way to your bank is only traveling a few feet to a corporate router, which will take note of all your traffic, including the ID and password you use to log in to your bank’s website,” Horne says.

Using a virtual private network, or VPN, can help keep your data safe. It provides added security and encryption.

Virtual private network

A virtual private network, or VPN, serves as an intermediary between the user and the Internet, encrypting any data — such as passwords — that are transmitted. VPNs are often used by workers looking to gain access to company servers while off-site. But consumer VPN services are also available. Security experts recommend their use when accessing public Wi-Fi hot spots.

Not logging out

Always make sure you sign out after using your banking app. Even though banking apps have short session times — meaning they’ll log you out automatically if there’s no activity – theoretically, a thief could take your phone and have enough time to get full access to your bank accounts before the session timeout.

Choosing an obvious username

If your banking username is your email address, it’s time to change it. Come up with a unique, not-quite-so-obvious name.

On that same note, when setting up your password recovery, avoid questions that someone could find in public records. Don’t choose your pet’s name, for example. Many pet names are easy to guess. Plus, you might have mentioned ol’ Scout in your public Instagram photo.

Not updating your app

Whenever your phone’s operating system offers an update, download it. The same goes for your mobile banking app. Updates protect you from any new security vulnerabilities, so you want to stay on top of them.

Being careless with your password

Speaking of passwords, pick a strong one. A strong password should include special characters (like *&%$) and it should be at least 12 characters long, suggests Brian O’Hara, a consultant with the IT security firm Rook Security in Indianapolis. And don’t forget to update them, too.

“Most banks do not require that you routinely change your password,” he says. “Whether they require it or not, your banking passwords should be changed at least every 90 days to be safe. “

Have you made one of these mistakes and think your accounts may be compromised? Monitor your credit report for free with myBankrate to see if anyone has opened unauthorized credit lines.

More From Bankrate