No secure login page/link?

   / No secure login page/link? #1  
B

BigBlue1

Veteran Member
Joined
Mar 14, 2017
Messages
2,109
Location
Middle MN
Tractor
JD: 2520 & x758
I had to start with a fresh browser profile today and I noticed while trying to log in to this forum that there is no SSL/HTTPS/secure login form available. The normal page with the user/password box is just HTTP unsecure and trying to add https:// to the URL fails to load a page. Am I missing something or does this forum really not have a secure login?

Rob
 
   / No secure login page/link?
  • Thread Starter
#2  
No admins/mods have any info on this?
 
   / No secure login page/link? #3  
At this time, no, we don't have login set up through HTTPS. It's something we can definitely look at, though.
 
   / No secure login page/link? #4  
You are not entering credit card information, SSN info, mother's maiden name, etc. Just a forum to ask questions, find answers, and have fun. Most forums I check on are not super secure since sensitive data is not (or shouldn't be) saved or entered in a profile. Don't put anything in your profile you wouldn't want anyone else to know on a public site.
 
   / No secure login page/link?
  • Thread Starter
#5  
Fossil Farm said:
You are not entering credit card information, SSN info, mother's maiden name, etc. Just a forum to ask questions, find answers, and have fun. Most forums I check on are not super secure since sensitive data is not (or shouldn't be) saved or entered in a profile. Don't put anything in your profile you wouldn't want anyone else to know on a public site.
Click to expand...

That's totally not the point. The content of this site or a user's profile is not what needs to be secured. Any transfer of login credentials should be done over an encrypted connection. That's basic user account security for ANY system. To not take it seriously anywhere is just asking for eventual problems. Yes, I know there are ways to mitigate it and not using the same creds for multiple sites is one of those, but that doesn't excuse good security procedures. If/when credentials are hacked from clear text logins here and users (who aren't as studious about using separate passwords for each account) get violated it is this site that will suffer as users leave and/or bad publicity harms it.

There is never an excuse for unencrypted transmission of credentials. It's just too easy to do it right.

Rob
 
You must log in or register to reply here.
 

Footer Links 1

Top