Jump to content
kknight

Not secure

Recommended Posts

Yes, it's said that at least since I first joined in 2018.  The reason is that this site uses HTTP rather than HTTPS.  HTTP is not encrypted and does not use any SSL certificate like most commercial sites.

Share this post


Link to post
Share on other sites

It's actually an option with the hosting they have. They have to pay for the certificate, yearly renewal, but I think that's it. It's a non-significant cost, but it cost nonetheless. With more sites using SSL or TLS, it's pretty common. Might be something to look into.

As it stands, your username and password are being sent in the clear. Somebody at the ISP or on your wireless network could sniff out your password. It's a good idea to never use the same password on any site anyways. I use something like LastPass to organize my passwords. All I have to know is this single password to get into that and any multi-factor authentication to use it. It makes it pretty simple, even my mom uses it.

  • Like 3
  • Thanks 1

Share this post


Link to post
Share on other sites
12 minutes ago, Micah said:

It's actually an option with the hosting they have. They have to pay for the certificate, yearly renewal, but I think that's it. It's a non-significant cost, but it cost nonetheless. With more sites using SSL or TLS, it's pretty common. Might be something to look into.

As it stands, your username and password are being sent in the clear. Somebody at the ISP or on your wireless network could sniff out your password. It's a good idea to never use the same password on any site anyways. I use something like LastPass to organize my passwords. All I have to know is this single password to get into that and any multi-factor authentication to use it. It makes it pretty simple, even my mom uses it.

Something to consider for sure.  Jeremy @TheClark do you know what this would cost on an annual basis?

  • Like 1

Share this post


Link to post
Share on other sites
17 hours ago, albertareef said:

Something to consider for sure.  Jeremy @TheClark do you know what this would cost on an annual basis?

It may depend on your hosting.  They may require you to use their own CA.  If that's the case, you should probably reach out to them.    If you can use any ole cert, then there are budget cert companies out there that will at least remove the "NOT SECURE" message - though it won't be as good as say Rudy's 60 dollar cert (assuming it's a verisign/other large brand). 

  • Thanks 1

Share this post


Link to post
Share on other sites
3 hours ago, Chief said:

Looks like it is about $150/yr with godaddy

 

549FD4D9-99D1-43D5-8256-CB55AAC20FFD.png

Thanks Jay - what are your thoughts on going that route?

Share this post


Link to post
Share on other sites
3 hours ago, Chief said:

Looks like it is about $150/yr with godaddy

 

549FD4D9-99D1-43D5-8256-CB55AAC20FFD.png

@Chief Please PM me about this.  I'm an IT security professional and I have some questions/comments about our hosting & SSL options.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...