The most secure VPN of 2018: top picks for the best encryption

VPN security and encryption is a rather tricky business when you start digging deeper into the various issues involved. As you’re probably aware, the fundamental purpose of a VPN is to increase your online security and privacy by sending your data through an encrypted tunnel, keeping it away from the prying eyes of governments, ISPs, or indeed malicious types like hackers.

If you want to easily pick out the most secure VPN provider with top-notch encryption, we’ve done the hard work for you and compiled our top five choices right here.

Most Secure VPN in 2018

1. ExpressVPN

Best all-round VPN for security and encryption

Number of servers: 2000 | Server locations: 148 | IP addresses: 30000 | Maximum devices supported: 3

Premium security
Speedy performance
No free plan or trial
Not the cheapest VPN service

With ExpressVPN, you get every ounce of security you could possibly want. The provider uses AES 256-bit encryption and OpenVPN almost exclusively. Additionally, the company uses an RSA-4096 handshake (a form of connection negotiation between your device and a VPN server) and SHA-512 hash message authentication code (HMAC), along with PFS (Perfect Forward Secrecy).

WebRTC leak protection, DNS leak prevention, and a kill switch round off an impressive security effort.

Performance is just as strong for the most part, especially over shorter distance connections. There are tons of VPN servers to choose from and the service offers user-friendly apps for every major platform, as well as a wide range of additional devices (and a few browser extensions). A sterling privacy policy is also in place, which is good to see.

There is no free plan or trial to test the waters here, though, and the price tags on the three available subscriptions are somewhat higher than many rival VPNs (especially the monthly plan).

Still, you do get a 30-day money-back guarantee, and if you opt for the 12-month plan (with three months extra thrown in for good measure), you’ll be getting a solid value proposition – particularly considering the security features on offer here. The packages available are:

2. IPVanish

Fastest VPN

Number of servers: 1000+ | Server locations: 60+ | IP addresses: 40000+ | Maximum devices supported: 10

Seriously fast
Nicely configurable software
Windows client needs work
No free trial

In our performance testing, IPVanish delivered excellent download speeds for nearby servers, while still managing above-average speeds over longer distances. Native apps are available for all the major platforms, with setup instructions for many others.

The software gives you more than enough low-level settings to tinker with, should you wish, although there is a slight downside with the Windows client. We found the latter was somewhat prone to network issues and didn’t play nice at all if rival VPN clients were installed on the host PC, so bear this in mind.

Moving onto security, IPVanish uses AES-256-CBC encryption with an SHA256 hash algorithm, multiple protocol support, a kill switch, both proprietary and third-party DNS, as well as an OpenVPN scramble solution to help avoid the VPN connection being detected and blocked. The service is also one of our favorites when it comes to privacy.

You’ll have to cough up some cash in order to enjoy this service, though, as there’s no free trial to test it (unless you sign up for the iOS app). The prices aren’t the cheapest around, although the yearly plan offers more than palatable value-for-money, and you can save more by signing up through TechRadar’s special offer, of course. The packages available are:

3. NordVPN

Best VPN for double encryption

Number of servers: 4853 | Server locations: 62 | IP addresses: N/A | Maximum devices supported: 6

Double data encryption
Good performance
Expensive monthly plan

This Panama-based outfit has some real strengths security-wise, most notably ‘Double VPN’ technology which routes your connection through two separate VPN servers (instead of just one) for an additional layer of security.

There are a limited number of Double VPN servers, but the service also offers the usage of the Onion network over VPN, as well as automatic blocking of suspicious websites and ads. 256-bit AES encryption is on hand, while the IKEv2/IPsec security protocol has been adopted as the default in NordVPN’s apps for iOS and macOS, with OpenVPN being the choice for Windows and Android.

The service delivered on the performance front in our tests, and you can connect with a wide range of available clients (plus there are a number of tutorials for devices which don’t have native clients provided). As for privacy, the company implements a ‘no logs’ policy, so it’s all good in that regard.

On the subscription front, NordVPN offers some affordably priced commercial plans (the expensive monthly subscription aside), along with a 30-day money-back guarantee. The 3-year plan is great value if you’re happy to make that commitment. The packages available are:

4. AirVPN

Best balance of performance and price

Number of servers: 226 | Server locations: 20 | IP addresses: N/A | Maximum devices supported: 5

Open and transparent
Highly configurable
Few server locations
Could be more user-friendly

Hailing from Italy, AirVPN is an OpenVPN-based service operated by “activists and hacktivists in defence of net neutrality, privacy and against censorship”. As a result, you get a refreshingly transparent provider that openly addresses all key security and privacy aspects, as well as other details. A good example is that AirVPN guarantees users a minimum allocated bandwidth of 4Mbps (downloads and uploads) upfront.

You get the full scoop on what’s happening on the security front. High-level encryption includes 4096-bit RSA keys, an AES-256-CBC data channel, HMAC SHA1 control channel, and internal VPN DNS solution, and PFS, while every server supports OpenVPN over SSH, OpenVPN over SSL and OpenVPN over Tor. Also, recently the full IPv6 support was added, as well as "tls-crypt" support.

In our tests, performance was fast when using local servers, although we did find subpar speeds with some servers. The company has servers in 20 countries, which is on the low side compared to some rivals.

The native Windows client has an awkward interface that doesn’t help its cause, but on the other hand, it sports numerous bells and whistles that help facilitate a more pleasant VPN experience.

There are five available plans that are fairly affordable overall. There’s a 3-day plan which acts as a cheap alternative to a full-access trial, but as ever, the annual plan is the go-to option for the best savings. The packages available are:

5. Windscribe

Best free VPN

Number of servers: 522 | Server locations: 100 | IP addresses: N/A | Maximum devices supported: Unlimited

Unlimited devices
Free plan with 10GB/month data
Average connection speeds
Scarce plan selection

One of the main factors that makes Windscribe so alluring is that it allows users to hook up an unlimited number of devices, making it ideal for families. Another huge plus point is a freebie offering that has a rather generous monthly data limit of 10GB (far more than you’ll find elsewhere, although you are restricted in the servers you can access, which is quite common with free plans).

Our performance tests showed mixed results, with the nearest server delivering disappointing download speeds, oddly enough, and the results getting better from further away (quite the opposite of what we’re used to).

It’s good enough for browsing and lightweight streaming, though, and we have to say that for a free service, Windscribe performs reasonably well. Mobile users won't have any problem using the service, as there are apps available for both iOS and Android.

The Canadian provider uses AES 256-bit encryption with SHA512 authentication and a 4096-bit RSA key. There is also support for PFS, as well as a kill switch and protection against DNS and IPv6 leaks. More good news comes in the form of a detailed privacy policy that’s as favorable as it can get.

The free plan aside, there isn’t much choice in terms of paid subscriptions – essentially you can choose between monthly, annual or biennial billing, with the latter providing the best value-for-money. The packages available are:

Security and Encryption

Encryption can only go so far. If the authorities demand logs or other details on users from a VPN firm, encryption won’t stop the provider from handing said details over – which is why you should always be on the lookout for a firm which has a super-solid ‘no logs’ policy. That’s because while encryption might keep your data private and unreadable to your ISP, it’s still visible to the VPN.

So that’s one of the common misconceptions about VPN security and encryption with regards to online privacy. Further misunderstandings can stem from the mishmash of jargon that surrounds talk of encryption, which is all likely to be meaningless to the casual VPN user. Terms like 128-bit, 256-bit, AES, and other jargon is likely to confuse, so a bit of explanation is in order.

Encryption relies on advanced mathematical formulae to work its magic. Some types of encryption are stronger than others, and that’s where the terms 128-bit and 256-bit come in – the latter is stronger than the former. AES stands for Advanced Encryption Standard and is the computer cipher or the actual algorithm used to perform the encryption.

Blowfish and AES are by far the most common ciphers found in daily VPN usage, and you’ll most commonly see VPN providers offering AES 256-bit encryption. The latter is something of a worldwide standard for solid security, with 256-bit encryption producing a staggering 1.1579 x 10 to the power of 77 possible keys.

Given that, even if you were using the combined power of all the world’s most powerful supercomputers, it’s not possible to pull off a brute-force attack to crack a symmetric 256-bit key (not before the death of the universe rolled around, anyway).

Also worth a mention is Perfect Forward Secrecy (PFS), a system of private encryption keys generated for each new session – this basically ensures that even if the current particular key in use is somehow compromised, the encryption of past sessions can’t be cracked (because they all use a different key).

As for VPN protocols, on the security front, OpenVPN is the recommended choice under most circumstances due to its inherent safety and high configurability.

Those are the basics when it comes to VPN encryption, without delving into the depths of the subject.