Jump to content

password is insecure and could be compromised


Recommended Posts

When signing into the forum now my browser tells me that the connection for entering my password is insecure and could be compromised, eavesdroppers or attackers could steal it.  Tired putting an https:// in front and it didn't work.

 

Can one of the administrators make this a secure connection?

 

Most websites I visit now are secure, especially ones that require logins including other forums I visit. 

 

Link to comment
Share on other sites

Yes we do use an older format that some new browsers identify as not secure. My page shows not secure right on the address line. It doesn't mean hackers are on this site and I'm not worried about it at all. Apparently Greg who is a serious computer guy, but who has been paying for this site for years by himself, doesn't think it is an issue. He scans the site frequently and break-in attempts, which there have been several in the time I have been a moderator on this site are stopped in their tracks immediately. You are in a double blind system. I don't even know your email. All messages are routed through the site so it would be impossible for a hacker to get directly to you. Upgrading to a newer format costs money. He already gives enough as far as I'm concerned. Mind you he doesn't even own a Toyota motorhome anymore. 

Linda S

Link to comment
Share on other sites

Understand but it's not the hackers that are on your site... it's when you login thru HTTP at your device your sending your username and password in clear text across many server and network hops to get to the forum. A hacker on any part of that hop can see this information.  The forum software plays no part in HTTPS secure authentication, so it needs no newer format . The DNS backbone server is where you need to implement the SSL certificate to enable HTTPS. I see that directnic is the DNS that hosts this forum and yes they are a ripoff when it comes to help keeping you secure, looks like they have a yearly fee of $42.00 for SSL. Sad because my sites are with Dreamhost and the "Let's Encrypt" SSL certificates are free with a click of a checkbox. DNS providers like GoDaddy and many other off this basic service for free.

 

Ironic as it seems this site does a good job using 2 factor authentication and Captcha for registration and posting thus denying hackers access but doesn't provide the "very basic" function of keeping our own members personal data like username and password secure from these hackers. Why doesn't Greg implement a simple donation button? Pretty easy with apps like PayPal. I'd easily give $20 a year to keep things rolling. I'm sure others would donate too.

 

Cheers!

 

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...