Originally Posted by Janet H
I wanted to let you know that in the next day or so you may see a small change to the site login screen. This is being done as we add an extra layer of security to usernames and passwords. The login pages, registration page and pages where you might update your account login info will be behind an https url rather than the usual http url.
This change is being made to stay current with recommended security practices and not in response to any problem with the site or accounts.
HTTPS adds security in several ways; verifying that the site is the one a server is supposed to be talking to and by preventing tampering by 3rd parties. It stops Man-in-the-middle attacks
, improving security for both the site and for those logging in.
This should not impact your usual browsing experience. You will still login, still tick the remember me box, etc. The location of the login button has changed however and the page looks a bit different.
Err, this isn't technically true. If you can spoof the HTTPS certificate, then a MITM attack can still work. I know this is possible because Lightspeed Systems uses this technique to decrypt google searches made by students in a multitude of schools around the globe (In order to monitor google searches for key terms, eg things related to terrorism or suicide etc). (Since Google forces HTTPS connections during searches now).