# Site Security



## rfdesigner (Mar 17, 2017)

Hi.

Firefox has recently updated to yet another new version.

Crucially this has a new catch for sites that ask for passwords, in that it warns you if it isn't using an https connection but http instead, which apparently allows "bad people" to see your password.

I first found this out trying to log in here.

I've gone and checked and it seems that if I come to the front page then click on the forums tab the page it takes me to (with the login in the top right hand corner) isn't https.

Is this something to do with the link the site has in it, or is it my PC?

PC: Win7x64, Firefox 52.0


----------



## Mt Spokane Photography (Mar 17, 2017)

Everyone who uses firefox is getting this on most of the websites they login to. The issue is that passwords are sent un-encrypted. The internet is full of posts about ways to get rid of the message, virtually no web sites use SSL except for ones doing financial transactions. Google Chrome does the same

Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.

I would make sure that you never use the same password for a site like this as you do for other sites, because, hackers with the desire and resources could intercept login information. The CIA, or other state sponsored hackers can get to almost anything. 

I'm not really worried if they get my password and login since they are unique. I use software called Roboform to generate random passwords of whatever length I need, and they can include most characters. This means I can have hundreds of passwords for every login. They can be encrypted and stored on a thumbdrive (s) where they are password protected as well. In a setup like that, you only have to remember one complex password that cannot be guessed.

Since I use Firefox, and it was annoying, I disabled the message.


----------



## Mt Spokane Photography (Mar 17, 2017)

Here is a link if you want to disable it. 

http://www.tnhonline.com/2017/03/13/firefox-52-disable-insecure-password-warnings/

There is a big issue for adding SSL to a web site, the security protocol slows everything down and for those who do not have super fast internet connections, it can make a site unusable.


----------



## rfdesigner (Mar 17, 2017)

Mt Spokane Photography said:


> Everyone who uses firefox is getting this on most of the websites they login to. The issue is that passwords are sent un-encrypted. The internet is full of posts about ways to get rid of the message, virtually no web sites use SSL except for ones doing financial transactions. Google Chrome does the same
> 
> Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.
> 
> ...



thanks

Incidentally I found I could use https://www.canonrumors.com and lo and behold everything worked, no warnings.

I've now updated my shortcut to suit.


----------



## LDS (Mar 17, 2017)

Mt Spokane Photography said:


> virtually no web sites use SSL except for ones doing financial transactions.



Well, not true. More and more sites are switching to SSL, especially those who requires logins and let user post. But SSL also ensures data aren't tampered with.



Mt Spokane Photography said:


> Many people use free wi-fi provided at public places, and it is a potential risk of interception in that case to everyone.



The risk is far higher if the sites you connect to doesn't use SSL. 



Mt Spokane Photography said:


> I would make sure that you never use the same password for a site like this as you do for other sites,



That's a very good advice. But still, there are many other reason to use SSL (for example, to avoid someone alters the contents to deliver some nasty surprise).


----------



## brad-man (Mar 17, 2017)

LDS said:


> Mt Spokane Photography said:
> 
> 
> > virtually no web sites use SSL except for ones doing financial transactions.
> ...


----------



## pwp (Mar 17, 2017)

I have always had https://www.eff.org/https-everywhere installed as a Firefox add-on

-pw


----------



## rfdesigner (Mar 19, 2017)

Brillant, thanks.

HTTPS everywhere now installed.


----------



## Mt Spokane Photography (Mar 19, 2017)

pwp said:


> I have always had https://www.eff.org/https-everywhere installed as a Firefox add-on
> 
> -pw



I had previously considered installing it, but it had a really poor rating on the firefox site that I decided to just disable the warnings. They even popped up a warning when logging into my NAS.


----------

