Good job on HTTPS!

Jan 28, 2017 at 6:09 AM
Junior Member
"Wow! The more I drink of this magical beverage, the more games I can play! Wheee!"
Join Date: Dec 27, 2016
Location:
Posts: 29
I use a password manager and use different passwords everywhere so this isn't really a big problem for me, but a lot of people use the same password everywhere, so it's good that this website is getting HTTPS! If you guys don't know what I'm talking about, see that green lock next to your URL bar? That means that anything that you put into the website (like a password) is encrypted (scrambled up) before reaching the server, then it is decrypted. If an attacker was on your network, say 2 weeks prior, before the website got HTTPS, they would be able to view you password in plaintext (not encrypted). Now, I, and probably no one else, cares too much about their account on this particular forum, but if you use that password anywhere else, they could use that password there too and gain access to your account. Also, even before now, this website supported 2-Step Verification. (after signing in, in addition to your password, you would get a code on an app on your phone. Type in the correct code, you're in! Don't, and you don't gain access. Simple.) It's nice to know that the owners of this website care about security. They are probably hashing and salting our passwords too. (Here is a video explaining that:
) Now that I think about it, this small little meager website probably has more security that Yahoo, a huge mega-corporation, haha.

(50% of all websites use HTTPS. Thanks for helping us boost that number and possibly become the majority.)
 
Jan 28, 2017 at 8:16 AM
Administrator
Forum Administrator
"Life begins and ends with Nu."
Join Date: Jul 15, 2007
Location: Australia
Posts: 6211
Age: 38
Actually I feel the need to note that https only secures the transmission of data. To obtain your password someone would have to intercept and monitor your transmissions specifically for any website that you might enter a password for. Effectively it is possible, but no-one would ever bother with it unless it was some stupidly high profile site, or credit card details were involved. Exploiting vulnerabilities or employing keyloggers is much more efficient, and both are things that https cannot defend against. So do not ever make the mistake that https makes a website secure, because it doesn't.

Hell, the simple fact that you let some program remember your passwords for you is a security flaw in itself, because those passwords would need to be stored on your computer in a retrievable state..
 
Last edited:
Top