Home » forums » Site Discussion

HTTPS and logins to LtU.

With the new hosting solution I'm observing that we don't have HTTPS connections on the page where people are logging in. This exposes LtU logins to HTTP eavesdroppers.

Given that lots of people use the same password across multiple sites (even though everybody already knows they oughtn't) this probably also exposes a number of users' ALT, Amazon, Ashley Madison, Banking, BeNaughty, Bing, BoingBoing, Buddybang, Craigslist, DeviantArt, Diaspora, Digg, Discord, Douyen, Ebay, EstablishedMen, Facebook, Fark, Fetlife, Flicker, Foursquare, Friendica, Gab, Glee, GnuSocial, Google, Grindr, Imgur, Instagram, Limewire, LinkedIn, LINE, LiveJournal, Mastodon, Meetup, MySpace, OKCupid, Patreon, Parler, Pinterest, PlosOne, Reddit, QQ, Qzone, Quora, ResearchGate, SecondLife, Seeking, Slack, SocialCast, Snapchat, SomethingAwful, SoundCloud, Stack Overflow, Sharesome, Steam, Telegram, Tiktok, Tinder, Truth social, Tumblr, TV Tropes, Twitch, Twitter, Vimeo, WeChat, Weibo, Viber, WattPad, WhatsApp, Wikipedia, WordPress, Yahoo, Yammer, Yelp, and Youtube passwords.

Though probably not all of them for any one person.

Just sayin, this ought to be corrected.

By Ray Dillinger at 2022-09-18 17:18 | Site Discussion | previous forum topic | next forum topic | other blogs | 1963 reads

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

HTTPS

There was no HTTPS on the previous host either, so nothing has changed in that respect.

HTTPS will be added soon though.

Given that lots of people use the same password across multiple sites (even though everybody already knows they oughtn't)

I would hope that behavior is not prevalent in the LtU audience. But now that you mention banking, I realize we've been leaving an opportunity on the table all this time...

By Anton van Straaten at Tue, 2022-09-20 06:02 | login or register to post comments