Results 1 to 3 of 3

Thread: insecure login

  1. #1
    pp Pianissimo Dogstar's Avatar
    Join Date
    Jul 2012
    Location
    North Ga.
    Posts
    103

    insecure login

    I am getting a notification when logging in that the login page is insecure. Browser is Firefox 53.0 in Linux. The faq says this is because the page is just WWW rather than HTTPS. Has anyone else noticed this? Is it something to be concerned about?

    - - - Updated - - -

    Sorry! I should have searched first.

    After posting I noticed that this matter has been addressed and is in process of being changed.

    Thanks for your efforts admin.
    Allen ADC 1000
    Large Beagle

  2. #2
    mp Mezzo-Piano AllenAnalog's Avatar
    Join Date
    Nov 2014
    Location
    Denver, Colorado
    Posts
    328
    Yes, the latest version of Firefox is giving that warning for all web sites that require a password to enter that use http instead of https. I log into several sites that require a password which will probably never have a security certificate, including my own private photo album site.

    I've just decided to change my passwords for those sites that are not secure so that they are is not shared with any of the sites that now provide secure logins. That way if a password is compromised it won't give access to anything of mine that is sensitive.
    Larry

    Main: Allen RMWTHEA.3 with Rocky Mount piano, Allen 423-C + Gyro cabinet, Britson Opus OEM38, Saville Series IV Opus 209, Steinway AR Duo-Art, Mills Violano Virtuoso with MIDI, Moller Artiste organ roll player
    Lower Level: Hammond 9812H with roll player, Gulbransen Rialto, Roland E-200, Vintage Moog
    Shop: Mason&Hamlin AR Ampico piano, Allen ADC-5300-D with 18 speakers, 4 matching Allen tone cabinets (including 2 Gyros, but don't call me Gyro Gearloose!).

  3. #3
    Administrator Admin's Avatar
    Join Date
    Jun 2003
    Location
    Arizona
    Posts
    2,866
    You can sign in using https, but there are some minor issues.

    First, you cannot access the Forum via https://organforum.com as this page always redirects to http://organforum.com/forums.

    If you want to sign-in securely the best way is to bookmark this url and sign in from there:
    https://www.organforum.com/forums/login.php?do=login

    You can also go directly to https://organforum.com/forums and log-in in the usual manner from there, but the first attempt will fail and you'll be redirected to the url above for a second attempt, so you might as well use that url in the first place.

    Once you've signed in securely, you might see a message that some page content is being blocked. That is because some of the Forum's page content-- ads, images, and feeds-- are provided through http: connections and the browser will block those connections for https: sessions.

    While it's great that browsers are encouraging security, the rest of the internet is not totally prepared to seamlessly support it.

    As the only possibly sensitive information stored in your Forum profile is your email address, I think the best option at this time is to do what Larry suggests and use a dedicated password for the Forum and sign in with the usual http: session. That way, if someone does sniff out your password during sign-in, they'll be no compromise to your log-ins to your critical sites.

Similar Threads

  1. Forum Login Security
    By myorgan in forum Forum Help & Tips
    Replies: 6
    Last Post: 02-21-2017, 12:09 AM
  2. strange login behaviour
    By Havoc in forum Forum Help & Tips
    Replies: 12
    Last Post: 09-28-2013, 12:11 PM
  3. Can't login?
    By JamesonC in forum Forum Help & Tips
    Replies: 1
    Last Post: 12-06-2009, 01:25 PM
  4. Automatic login not working the last few days?
    By Havoc in forum Discussion Forum Suggestions
    Replies: 2
    Last Post: 05-29-2007, 11:55 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •