Neowin needs HTTPS login from main, not just forums


Recommended Posts

We already have a certificate, price isn't really the issue here

Sorry, just saw other people mentioning cheap $4/month certificates, and I decided I would mention a free one.

 

But really, the only ways you would be able to have HTTPS logins everywhere, would be to serve an iframe in the popup (kind of bad), or just redirect to the full login page.

Link to comment
Share on other sites

Do self-signed certificates get along well with browser security? If the browser doesn't trust a certificate's issuer, then it inherintly does not trust the certificate. Self-signed certificates are their own issuer, which causes issues for situations like this.

 

First time the browser will give you a warning but after that you can add the self-signed to your trusted list and you are okay and wont see the nag screen anymore but it will add free security. Depends on the key lenght of course, if the server is really as strained as some are saying it would be easier to buy one with lower key lenght rahter than wasting time for a self-signed.

Link to comment
Share on other sites

Just to point out what every other staff member has said already. ONLY Tier 2 (ad free) subscribers get full HTTPS browsing on Neowin, this is because none of our advertisers support ad display through HTTPS. It's one of the things I will be addressing when I go to San Francisco later this year with our main advertiser, because it does work for all the "big" sites out there (Facebook, Twitter, Google sites etc).

  • Like 2
Link to comment
Share on other sites

Some prick sniffed my password at a school computer lab. Is there any way for Neowin to get a secure logon? I know these things cost money, but it's such an easy target for any jackass with a computer. Hell, even a self-generated certificate (not from Thawte, Verisign, etc) would at least give some of us the option of using it.

When you use a pc/network that is not under your control, it is far easier for these things to happen. Let this be a lesson for you and learn from it. use a strong random password, even for a forum account, and like tiddlie stated, that neowin isn't a "Finacial institition".

 
Link to comment
Share on other sites

When you use a pc/network that is not under your control, it is far easier for these things to happen. Let this be a lesson for you and learn from it. use a strong random password, even for a forum account, and like tiddlie stated, that neowin isn't a "Finacial institition".

 

I do not think that it is very constructive and helpful to stick another person's nose in it and effectively say "see what you've done?". Not being a financial institution does not excuse a web site from taking appropriate and reasonable measures to ensure safety and security of its users' data, both in-flight and at rest. I commend Neowin for securing my login data and for striving even further than that by wanting to secure the login form itself. Let this be an example to other communities. And no, Neobond did not pay an exorbitant amount of money to me to say this.

Link to comment
Share on other sites

I do not think that it is very constructive and helpful to stick another person's nose in it and effectively say "see what you've done?". Not being a financial institution does not excuse a web site from taking appropriate and reasonable measures to ensure safety and security of its users' data, both in-flight and at rest. I commend Neowin for securing my login data and for striving even further than that by wanting to secure the login form itself. Let this be an example to other communities. And no, Neobond did not pay an exorbitant amount of money to me to say this.

Well, I guess it'll be encrypted for all eventually. Bets you are glad this topic was revived? :)
Link to comment
Share on other sites

Well, I guess it'll be encrypted for all eventually. Bets you are glad this topic was revived? :)

 

If reviving this topic leads to greater security of Neowin users' data while remaining commercially sustainable for Neobond et al to operate, then yes, I am glad.

Link to comment
Share on other sites

  • 2 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.