Suggestion To Admin: HTTPS/SSL Encryption

[Henry's Birds]

Just noticed this:

Here's a really nice website to understand how SSL/HTTPS works:
Why do we need HTTPS? - How HTTPS works

I'm sure XenForo encrypts passwords automatically, but without SSL we all could be in trouble at a cafe with a hacker there.

Let's Encrypt is a free SSL (funded by security maniacs), so if you aren't up to pay, I personally use LE, and it's just as good as a paid certificate.

Is not having it detrimental to the website? No, as long as you secure the passwords well where ever you have them stored and hashed.

Is it necessary? Yes, I'd say so. It's free as well.

Thanks!

Love,
Henry <3

 

[Karen]

I just got a new laptop and when I signed on I was notified immediately with the same message.

 

[Henry's Birds]

I just got a new laptop and when I signed on I was notified immediately with the same message.

It's not super big deal but it still probably needs to be fixed.

 

[Henry's Birds]

And I'm so stupid! I forgot the link for Let's Encrypt.

Here:
Let's Encrypt - Free SSL/TLS Certificates

 

[Henry's Birds]

Bumping this. This is important for safety of members.

 

[Macawnutz]

It's chromes new browser updates. The forum has not changed it's settings.

If you are not posting your credit card or private information.... your not to worry.

 

[Mizzely]

My understanding is that Let's Encrypt only lasts for 3 months at a time and then needs to be renewed?

 

[Henry's Birds]

It's chromes new browser updates. The forum has not changed it's settings.

If you are not posting your credit card or private information.... your not to worry.

Our passwords could be snatched if we're using public WiFi though...

 

[Henry's Birds]

My understanding is that Let's Encrypt only lasts for 3 months at a time and then needs to be renewed?

All SSL certs expire at some point - it's easy to renew.

 

[JLcribber]

Our passwords could be snatched if we're using public WiFi though...

Public Wi-Fi is dangerous no matter what you're doing.

Why would someone want my password (which is only used for this site) to a bird forum? Pretty small target. Not worth the time.

I understand though that Google is really pushing SSL for the greater good. They also said they will rank secure sites higher.

 

[Gazimon]

I guess that predators would still be interested in forum passwords as people do use repeated passwords for other accounts on different websites or services. They could just obtain email and forum passwords and test it on another site.

 

[Henry's Birds]

I guess that predators would still be interested in forum passwords as people do use repeated passwords for other accounts on different websites or services. They could just obtain email and forum passwords and test it on another site.

Correct. They can use a turbo or an account checker such as MBA Sentry with any emailassword or usernameassword DB.

 

[Henry's Birds]

Public Wi-Fi is dangerous no matter what you're doing.

Why would someone want my password (which is only used for this site) to a bird forum? Pretty small target. Not worth the time.

I understand though that Google is really pushing SSL for the greater good. They also said they will rank secure sites higher.

It doesn't take too long to set up LE and why wouldn't you want to protect the password anyways?
Although it may be a small target, some may see it as a vulnerability and use it to their advantage.

Yes, public WiFi is no bueno. Always use a VPN at cafes guys and gals