Logging issues non secured website - PeachParts Mercedes-Benz Forum

dmorgan · #1 03-08-2017, 02:51 PM

When I logged on this website, I am using Firefox browser. The latest update on Firefox browser included user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.

Here is this article on the logging issue: https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861

Should I be concern about logging on this website? Any comment/feedback on this issue?

raymond~ · #2 03-11-2017, 05:28 PM

i wouldn't be too anxious over that. it's commonly presumed that most web sites are not
secured. the only ones you should have a heightened awareness over is if the site you are
on is not secured and you are about to input personal, financial, or confidential information
e.g. paypal, ebay, your bank, credit cards, amazon...you get the picture

dmorgan · #3 03-25-2017, 04:03 PM

Thanks raymond for your imput. I appreciated it.

okyoureabeast · #4 03-25-2017, 07:29 PM

Just make sure your password here isn't the same as your banking, email, or other sensitive accounts.

Stretch · #5 03-26-2017, 05:19 AM

Not only not the same - similar pattern if there happens to be one.

In this day and age, however, there really ought to be more done to protect user accounts. Benz World had a great big paddy about their service provider being hacked and all the account information being published some where for "criminals". Sure it was "just" email addresses and site passwords - still personal data which is meant to looked after responsibly.

Whether it is irresponsible or responsible or not will come down to opinion. Many more traders' site are now htpps encrypted and slowly forums are going that way too. It will eventually "look" like people are not being responsible if they too don't use https.

tinypanzer · #6 03-27-2017, 02:39 PM

Quote:

Originally Posted by Stretch

Not only not the same - similar pattern if there happens to be one.

In this day and age, however, there really ought to be more done to protect user accounts. Benz World had a great big paddy about their service provider being hacked and all the account information being published some where for "criminals". Sure it was "just" email addresses and site passwords - still personal data which is meant to looked after responsibly.

Whether it is irresponsible or responsible or not will come down to opinion. Many more traders' site are now htpps encrypted and slowly forums are going that way too. It will eventually "look" like people are not being responsible if they too don't use https.

As someone who works in the industry, I can tell you that we are already well past that point. https is now the standard, and plain-text sites like this are considered obsolete and risky. Even google searches are now https by default. It really isn't all that much work to get SSL working, you just need a certificate and a few configuration changes.

I highly encourage the admins here to catch up and get this site secured. Not having a secure site effects all sorts of metrics, including search ranking. You are leaving yourself unprotected and losing out on search hits by not having this site secured. You are also exposing your users to potential data breaches and scams.

Just remember - your password is sent across the wire in plain text here. That means anyone with a network traffic sniffer can -easily- get your account credentials. This includes the site administrator and everything they have access to.

Stretch · #7 03-31-2017, 04:50 AM

Quote:

Originally Posted by tinypanzer

As someone who works in the industry, I can tell you that we are already well past that point. https is now the standard, and plain-text sites like this are considered obsolete and risky. Even google searches are now https by default. It really isn't all that much work to get SSL working, you just need a certificate and a few configuration changes.

I highly encourage the admins here to catch up and get this site secured. Not having a secure site effects all sorts of metrics, including search ranking. You are leaving yourself unprotected and losing out on search hits by not having this site secured. You are also exposing your users to potential data breaches and scams.

Just remember - your password is sent across the wire in plain text here. That means anyone with a network traffic sniffer can -easily- get your account credentials. This includes the site administrator and everything they have access to.

So how would you apply pressure to the administrators then?

tbomachines · #8 03-31-2017, 07:23 AM

Agreed on all of the above (Also work in the industry). I would start by showing them the concerns of members here, and also that Google ranks https pages higher than non ssl pages, so they'll likely see an organic traffic boost in the long run. Short answer is they should get with the times, it's practically a standard now.