• [2018/06/22]
    By using our forums, and our in-game services, you agree to be bound by our Privacy Policy found here:
    skullgirlsmobile.com/privacy

SSL for forum logins?

Darcon

Darcon

New Member
Joined
Jun 19, 2017
Messages
11
Reaction score
1
Points
3
Age
49
Any chance the login for these forums could be setup for secure (SSL)?

I'm kinda paranoid about my password not being encrypted when logging in.

Thanks!
 
  • Like
Reactions: Overpass
I don't have the right to say if this feature will be added or not but I can give you a few tips on internet security:

- Make sure you don't use the same password for any sort or private email or social networking site.
- Try and make it as long and with as many numbers and letters it will hold as that will make it harder to decrypt the password in general.
- Don't make it something dear to you as it can be easily guessed by friends and family (if they are the nosy type).

These tips will make your password creating and privacy a lot more secure and sorry if you knew all these I'm just trying to help when I can XD.
 
TheUltimatePowerman said:
I don't have the right to say if this feature will be added or not but I can give you a few tips on internet security:

- Make sure you don't use the same password for any sort or private email or social networking site.
- Try and make it as long and with as many numbers and letters it will hold as that will make it harder to decrypt the password in general.
- Don't make it something dear to you as it can be easily guessed by friends and family (if they are the nosy type).

These tips will make your password creating and privacy a lot more secure and sorry if you knew all these I'm just trying to help when I can XD.
Click to expand...

Yep, I know all of that stuff. I actually deal with the upper end of IT security IRL, so this was the reason for this post. In this case, the security recommendations don't matter if the password is sent in clear text across the wire. No amount of password requirements/length is going to help.

What shocks me even more is how simple SSL is to set up & ensure on websites whether it's done on httpd, nginx, or IIS. Even securing Docker based web daemons with SSL isn't too difficult and that's pretty advanced.

Something like this also makes me leary of the company, as if they're not securing something as simple as a website, what else might not be secured? (credit cards, PII, DBs).

As an IT security professional, not taking the time to properly secure a site for your customers is sloppy and eventually may get the company in deeper trouble if it's hacked.

I hope the people in charge of security see this as a real issue and get it resolved soon.
 
You must log in or register to reply here.
Top Bottom
Back