Account login Security change - Techist - Tech Forum

Go Back   Techist - Tech Forum > Techist Forum Information > Forum Admin, Announcements & Feedback
Click Here to Login
Reply
 
Thread Tools Display Modes
 
Old 01-03-2017, 08:27 PM   #1 (permalink)
 
Janet H's Avatar
 
Join Date: Nov 2011
Location: Pacific NW
Posts: 164
Default Account login Security change

I wanted to let you know that in the next day or so you may see a small change to the site login screen. This is being done as we add an extra layer of security to usernames and passwords. The login pages, registration page and pages where you might update your account login info will be behind an https url rather than the usual http url.

This change is being made to stay current with recommended security practices and not in response to any problem with the site or accounts.

HTTPS adds security in several ways; verifying that the site is the one a server is supposed to be talking to and by preventing tampering by 3rd parties. It stops Man-in-the-middle attacks, improving security for both the site and for those logging in.

This should not impact your usual browsing experience. You will still login, still tick the remember me box, etc. The location of the login button has changed however and the page looks a bit different.
__________________

Janet H is offline   Reply With Quote
Old 01-04-2017, 12:25 AM   #2 (permalink)
The Ghost
 
luke127's Avatar
 
Join Date: Mar 2012
Location: Australia
Posts: 772
Default Re: Account login Security change

Quote:
Originally Posted by Janet H View Post
I wanted to let you know that in the next day or so you may see a small change to the site login screen. This is being done as we add an extra layer of security to usernames and passwords. The login pages, registration page and pages where you might update your account login info will be behind an https url rather than the usual http url.

This change is being made to stay current with recommended security practices and not in response to any problem with the site or accounts.

HTTPS adds security in several ways; verifying that the site is the one a server is supposed to be talking to and by preventing tampering by 3rd parties. It stops Man-in-the-middle attacks, improving security for both the site and for those logging in.

This should not impact your usual browsing experience. You will still login, still tick the remember me box, etc. The location of the login button has changed however and the page looks a bit different.
Err, this isn't technically true. If you can spoof the HTTPS certificate, then a MITM attack can still work. I know this is possible because Lightspeed Systems uses this technique to decrypt google searches made by students in a multitude of schools around the globe (In order to monitor google searches for key terms, eg things related to terrorism or suicide etc). (Since Google forces HTTPS connections during searches now).
__________________

__________________
Yeah, I'm the boss 😂😂 FIGJAM 😂😂
luke127 is offline   Reply With Quote
Old 01-04-2017, 09:10 AM   #3 (permalink)
Private Joker
 
carnageX's Avatar
 
Join Date: Feb 2007
Location: South Dakota
Posts: 23,592
Default Re: Account login Security change

Quote:
Originally Posted by luke127 View Post
Err, this isn't technically true. If you can spoof the HTTPS certificate, then a MITM attack can still work. I know this is possible because Lightspeed Systems uses this technique to decrypt google searches made by students in a multitude of schools around the globe (In order to monitor google searches for key terms, eg things related to terrorism or suicide etc). (Since Google forces HTTPS connections during searches now).
Depends on how the cert is being verified.

Honestly tho, the entire site should be on HTTPS, not just the login page.
__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5


If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is online now   Reply With Quote
Old 01-04-2017, 09:23 PM   #4 (permalink)
Newb Techie
 
Join Date: May 2015
Location: Australia
Posts: 16
Default Re: Account login Security change

Quote:
Originally Posted by carnageX View Post
Depends on how the cert is being verified.

Honestly tho, the entire site should be on HTTPS, not just the login page.
That is what I think too. Regardless of type of website it is, any site these days should be served securely.
BK_123 is offline   Reply With Quote
Old 01-09-2017, 10:31 AM   #5 (permalink)
The Ghost
 
luke127's Avatar
 
Join Date: Mar 2012
Location: Australia
Posts: 772
Default Re: Account login Security change

Quote:
Originally Posted by carnageX View Post
Depends on how the cert is being verified.

Honestly tho, the entire site should be on HTTPS, not just the login page.
+1 agreed. Though if I had to guess, it's probably more expensive? lol. I'm not experienced with web hosting whatsoever, so I don't know if HTTPS or HTTP is more computationally or financially expensive to use.
__________________
Yeah, I'm the boss 😂😂 FIGJAM 😂😂
luke127 is offline   Reply With Quote
Old 01-09-2017, 10:41 AM   #6 (permalink)
Private Joker
 
carnageX's Avatar
 
Join Date: Feb 2007
Location: South Dakota
Posts: 23,592
Default Re: Account login Security change

Quote:
Originally Posted by luke127 View Post
+1 agreed. Though if I had to guess, it's probably more expensive? lol. I'm not experienced with web hosting whatsoever, so I don't know if HTTPS or HTTP is more computationally or financially expensive to use.
Marginally more computationally expensive because it has to encrypt/decrypt, but it's negligible since it's a small amount of data.
__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5


If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is online now   Reply With Quote
Old 01-10-2017, 02:09 AM   #7 (permalink)
The Grinch
 
c0rr0sive's Avatar
 
Join Date: Feb 2005
Location: asdf
Posts: 8,742
Default Re: Account login Security change

I will have to avoid using the forum if it goes full SSL... Sorry, but I depend very heavily upon cached content and have made it a point to avoid websites that use HTTPS in places that it's just not needed.
__________________
Personal Machine: ECS B85H3-M | Intel i5 4460 | 16GB DDR3-1333 | eVGA 750Ti | Samsung 830 120GB
Server: ASUS M5A99FX Pro R2.0 | AMD FX8350 | 32GB DDR3-1600 ECC | Intel Quad Gigabit NIC | 3Ware 9650SE-12ML + BBU | 650w OCZ ZS PSU | eVGA LP 710 | 10x WD RE 4TB disks in Raid10
c0rr0sive is offline   Reply With Quote
Old 01-10-2017, 03:19 AM   #8 (permalink)
The Ghost
 
luke127's Avatar
 
Join Date: Mar 2012
Location: Australia
Posts: 772
Default Re: Account login Security change

Quote:
Originally Posted by c0rr0sive View Post
I will have to avoid using the forum if it goes full SSL... Sorry, but I depend very heavily upon cached content and have made it a point to avoid websites that use HTTPS in places that it's just not needed.
Errr wtf? Why?
__________________
Yeah, I'm the boss 😂😂 FIGJAM 😂😂
luke127 is offline   Reply With Quote
Old 01-10-2017, 08:56 AM   #9 (permalink)
The Grinch
 
c0rr0sive's Avatar
 
Join Date: Feb 2005
Location: asdf
Posts: 8,742
Default Re: Account login Security change

Guess you didn't realize some people have limited bandwidth in this day and age? I only get 20GB a month max, and plenty of people still depend on dial-up because the monopolies everyone loves to support wont provide service to last mile users. I tend to get a cache hit on squid of about 8GB/month, so that's 8GB/month that I don't get docked on my monthly quota. The more websites that go to HTTPS, the fewer that can be cached on my proxy. IMO, it's stupid to think every single thing must be a secure link, because it's not truly secure. Nice to have the logon as secure, but beyond that, it's pointless.
__________________
Personal Machine: ECS B85H3-M | Intel i5 4460 | 16GB DDR3-1333 | eVGA 750Ti | Samsung 830 120GB
Server: ASUS M5A99FX Pro R2.0 | AMD FX8350 | 32GB DDR3-1600 ECC | Intel Quad Gigabit NIC | 3Ware 9650SE-12ML + BBU | 650w OCZ ZS PSU | eVGA LP 710 | 10x WD RE 4TB disks in Raid10
c0rr0sive is offline   Reply With Quote
Old 01-10-2017, 09:25 AM   #10 (permalink)
Private Joker
 
carnageX's Avatar
 
Join Date: Feb 2007
Location: South Dakota
Posts: 23,592
Default Re: Account login Security change

Quote:
Originally Posted by c0rr0sive View Post
Guess you didn't realize some people have limited bandwidth in this day and age? I only get 20GB a month max, and plenty of people still depend on dial-up because the monopolies everyone loves to support wont provide service to last mile users. I tend to get a cache hit on squid of about 8GB/month, so that's 8GB/month that I don't get docked on my monthly quota. The more websites that go to HTTPS, the fewer that can be cached on my proxy. IMO, it's stupid to think every single thing must be a secure link, because it's not truly secure. Nice to have the logon as secure, but beyond that, it's pointless.
I would rather have SSL all throughout.
__________________

__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5


If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Change windows 7 login screen. luke127 Microsoft Windows and Software 4 05-27-2012 03:47 AM
Gmail Security Checklist, Improve Login Security Osiris Tips, Tricks & Tutorials 0 10-11-2010 08:31 AM
Yubico USB Key Provides Extra Login Protection [Security] Osiris Tips, Tricks & Tutorials 0 01-12-2010 08:16 AM
Can i change my Factory Restore to what i want. (change the OS and software)? pickyantivirus Microsoft Windows and Software 3 09-05-2009 05:22 PM


Our Communities

Our communities encompass many different hobbies and interests, but each one is built on friendly, intelligent membership.

» More about our Communities

Automotive Communities

Our Automotive communities encompass many different makes and models. From U.S. domestics to European Saloons.

» More about our Automotive Communities

Marine Communities

Our Marine websites focus on Cruising and Sailing Vessels, including forums and the largest cruising Wiki project on the web today.

» More about our Marine Communities


Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 05:26 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.