Digital security for nomads
Three tools cover 90% of nomad security risk: a password manager, a VPN, and an authenticator app for 2FA. Start here. Everything else is incremental.
Key takeaways
Travel Mode hides vaults at border crossings. Cross-device sync, strong unique passwords everywhere.
Café and hotel networks are unencrypted. Also fixes bank app blocks when you're on a foreign IP.
SIM swap attacks are real. Use Authy or 1Password TOTP for all critical accounts — not SMS.
FileVault on Mac, BitLocker on Windows. A stolen laptop exposes nothing if encryption is on.
Working from café wifi in Bali, hotel networks in Eastern Europe, and airport lounges in transit leaves you exposed to threats that sitting in a home office does not. Most nomads are also running a business — client data, financial accounts, and contracts need protecting.
The three non-negotiables
Three tools cover the vast majority of security risk for a nomad: a password manager, a VPN, and two-factor authentication. Everything else is incremental. If you have none of these, start here before anything else.
Password manager — 1Password
1Password is the standard recommendation for professionals. It stores all your passwords in an encrypted vault, generates strong unique passwords for every account, and syncs across all your devices. The Travel Mode feature is specifically useful for nomads — you can hide sensitive vaults when crossing borders where device inspection is possible, then restore them once through. Get 1Password →
At $3/month for personal, it's the cheapest meaningful security improvement you can make. Alternatives: Bitwarden (open source, free tier available) and Dashlane are both solid.
💡 1Password Travel Mode
Before crossing into any country with aggressive border inspection (Russia, China, UAE, US CBP), enable Travel Mode in 1Password. It removes selected vaults from your device — they're not hidden, they're genuinely absent. Re-enable after clearing customs. This protects business client data and sensitive accounts from compelled device searches.
VPN — for public wifi and geo-restricted content
A VPN encrypts your internet traffic and routes it through a server in a country of your choice. Essential for two use cases: public wifi (cafés, hotels, airports) where your traffic could be intercepted, and accessing geo-restricted services from countries where they're blocked or rate-limited. Get NordVPN →
NordVPN and Surfshark are both strong options for nomads — large server networks (100+ countries), fast speeds, and apps for all platforms. See the VPN guide for a full comparison.
Two-factor authentication
Enable 2FA on every account that supports it: email, banking, Stripe/PayPal, domain registrar, cloud storage, password manager. Use an authenticator app (Authy, 1Password's built-in TOTP, or Google Authenticator) rather than SMS where possible — SIM swap attacks are real, and SMS 2FA is the weakest form.
For your highest-value accounts (email, primary bank), a hardware key (YubiKey) is the strongest option. A $50 YubiKey makes your email account essentially impossible to phish even if your password is compromised.
⚠️ SMS 2FA and foreign phone numbers
If you switch SIMs while traveling and your 2FA codes are going to a number you've temporarily abandoned, you can get locked out of critical accounts. Keep your home SIM active (even on a minimal plan) specifically to receive 2FA codes. Better long-term: migrate all 2FA to an authenticator app and away from SMS entirely.
Device security
Full-disk encryption should be enabled on your laptop — FileVault on Mac, BitLocker on Windows. This means a stolen laptop exposes no data. Set a screen lock timeout of 5 minutes or less. Don't leave your laptop unattended in cafés without a lock, even briefly. A laptop lock cable ($15–30) deters opportunistic theft at coworking spaces.
Enable remote wipe on your phone (Find My iPhone, Android Device Manager). In the event of theft, you can remotely erase everything before anyone accesses your accounts.
Backup strategy
The 3-2-1 rule: 3 copies of important data, on 2 different storage types, with 1 offsite (cloud). For nomads: your laptop, an external SSD in your bag, and cloud backup (iCloud, Google Drive, Backblaze). Client work files and business records specifically need regular backup — losing 6 months of invoices is not a theoretical risk when you're working from a bag that gets stolen.
What to do if your laptop is stolen
In order: remotely wipe the device, change passwords for all accounts that were logged in (start with email — it controls everything else), revoke OAuth tokens (log out of all sessions), notify your bank, and file a police report for insurance purposes. Having a password manager means you can do all of this from any borrowed device within an hour.
The bottom line
1Password for password management (enable Travel Mode when crossing borders), a VPN for public wifi, authenticator app for 2FA on all critical accounts. These three tools cover 90% of realistic threat scenarios for a working nomad.
1Password — password manager with Travel Mode
Encrypted vault, cross-device sync, and Travel Mode for border crossings. The security baseline for serious nomads.
Get 1Password → Affiliate link — we may earn a commission at no extra cost to you.NordVPN — VPN for public wifi
6,000+ servers in 110 countries, fast speeds, and a no-logs policy. Essential for café and hotel wifi security.
Get NordVPN → Affiliate link — we may earn a commission at no extra cost to you.NordPass — password manager
Clean UI, affordable family plan, and backed by the same team as NordVPN. Good option if you're already in the Nord ecosystem.
Get NordPass → Affiliate link — we may earn a commission at no extra cost to you.