1. [2018/06/22]
    By using our forums, and our in-game services, you agree to be bound by our Privacy Policy found here:
    skullgirlsmobile.com/privacy
    Dismiss Notice

SSL for forum logins?

Discussion in 'General Discussion' started by Darcon, Jun 19, 2017.

  1. Darcon

    Darcon New Member

    Joined:
    Jun 19, 2017
    Messages:
    11
    Likes Received:
    1
    Any chance the login for these forums could be setup for secure (SSL)?

    I'm kinda paranoid about my password not being encrypted when logging in.

    Thanks!
     
    Overpass likes this.
  2. TheUltimatePowerman

    Joined:
    Jun 20, 2017
    Messages:
    55
    Likes Received:
    18
    I don't have the right to say if this feature will be added or not but I can give you a few tips on internet security:

    - Make sure you don't use the same password for any sort or private email or social networking site.
    - Try and make it as long and with as many numbers and letters it will hold as that will make it harder to decrypt the password in general.
    - Don't make it something dear to you as it can be easily guessed by friends and family (if they are the nosy type).

    These tips will make your password creating and privacy a lot more secure and sorry if you knew all these I'm just trying to help when I can XD.
     
  3. Darcon

    Darcon New Member

    Joined:
    Jun 19, 2017
    Messages:
    11
    Likes Received:
    1
    Yep, I know all of that stuff. I actually deal with the upper end of IT security IRL, so this was the reason for this post. In this case, the security recommendations don't matter if the password is sent in clear text across the wire. No amount of password requirements/length is going to help.

    What shocks me even more is how simple SSL is to set up & ensure on websites whether it's done on httpd, nginx, or IIS. Even securing Docker based web daemons with SSL isn't too difficult and that's pretty advanced.

    Something like this also makes me leary of the company, as if they're not securing something as simple as a website, what else might not be secured? (credit cards, PII, DBs).

    As an IT security professional, not taking the time to properly secure a site for your customers is sloppy and eventually may get the company in deeper trouble if it's hacked.

    I hope the people in charge of security see this as a real issue and get it resolved soon.
     

Share This Page