1. Welcome to Avian Avenue! To view our forum with less advertisments please register with us.
    Memberships are free and it will just take a moment. Click here

Suggestion To Admin: HTTPS/SSL Encryption

Discussion in 'Comment Court' started by Henry's Birds, 9/24/18.

  1. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    Just noticed this:
    [​IMG]
    Here's a really nice website to understand how SSL/HTTPS works:
    Why do we need HTTPS? - How HTTPS works

    I'm sure XenForo encrypts passwords automatically, but without SSL we all could be in trouble at a cafe with a hacker there.

    Let's Encrypt is a free SSL (funded by security maniacs), so if you aren't up to pay, I personally use LE, and it's just as good as a paid certificate.

    Is not having it detrimental to the website? No, as long as you secure the passwords well where ever you have them stored and hashed.

    Is it necessary? Yes, I'd say so. It's free as well.

    Thanks!

    Love,
    Henry <3
     
    faislaq and JLcribber like this.
  2. Karen

    Karen Rollerblading along the road Avenue Veteran

    Joined:
    10/22/09
    Messages:
    2,881
    I just got a new laptop and when I signed on I was notified immediately with the same message.
     
    faislaq and Henry's Birds like this.
  3. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    It's not super big deal but it still probably needs to be fixed.
     
  4. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    faislaq likes this.
  5. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    Bumping this. This is important for safety of members. :)
     
  6. Macawnutz

    Macawnutz Seriously Nutz! Super Administrator AA Advertising Exec Celebirdy of the Month Mayor of the Avenue Avenue Spotlight Award Avenue Veteran

    Joined:
    10/21/11
    Messages:
    26,461
    Location:
    Wisconsin
    Real Name:
    Sarah
    It's chromes new browser updates. The forum has not changed it's settings.

    If you are not posting your credit card or private information.... your not to worry. ;)
     
    JLcribber and Henry's Birds like this.
  7. Mizzely

    Mizzely Joyriding the Neighborhood Celebirdy of the Month Mayor of the Avenue Avenue Spotlight Award Avenue Veteran Vendor I Can't Stop Posting! BINGO CHAMPION POSTAHOLIC

    Joined:
    8/9/11
    Messages:
    20,028
    Location:
    Northern Michigan
    Real Name:
    Shawna
    My understanding is that Let's Encrypt only lasts for 3 months at a time and then needs to be renewed?
     
  8. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    Our passwords could be snatched if we're using public WiFi though... :(
     
  9. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    All SSL certs expire at some point - it's easy to renew.
     
  10. JLcribber

    JLcribber Joyriding the Neighborhood Celebirdy of the Month Mayor of the Avenue Avenue Spotlight Award Avenue Veteran Shutterbugs' Best

    Joined:
    10/16/09
    Messages:
    18,974
    Location:
    Alberta, Canada
    Real Name:
    John
    Public Wi-Fi is dangerous no matter what you're doing.

    Why would someone want my password (which is only used for this site) to a bird forum? Pretty small target. Not worth the time.

    I understand though that Google is really pushing SSL for the greater good. They also said they will rank secure sites higher.
     
    Henry's Birds likes this.
  11. Gazimon

    Gazimon Walking the driveway

    Joined:
    11/9/17
    Messages:
    203
    Location:
    Singapore
    I guess that predators would still be interested in forum passwords as people do use repeated passwords for other accounts on different websites or services. They could just obtain email and forum passwords and test it on another site.
     
    greys4u likes this.
  12. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    Correct. They can use a turbo or an account checker such as MBA Sentry with any email:password or username:password DB.
     
  13. Henry's Birds

    Henry's Birds Meeting neighbors

    Joined:
    9/24/18
    Messages:
    46
    Real Name:
    Henry
    It doesn't take too long to set up LE and why wouldn't you want to protect the password anyways?
    Although it may be a small target, some may see it as a vulnerability and use it to their advantage.

    Yes, public WiFi is no bueno. Always use a VPN at cafes guys and gals :)
     

Users Viewing Thread (Users: 0, Guests: 0)