Main Area and Open Discussion > Living Room
Use a unique password for this site
db90h:
If you logout or open an ingognito tab, you may notice the login prompt in the upper left.
What you don't see is any SSL encryption.
EDIT: Since SMF hashes on the client side using javascript, you're fine, though of course all your information is still sent to the server plaintext.
db90h:
Gosh, I hated to be the one to notice and report this, but how could I not?
It's no biggie, so long as your password here is not used anywhere else, which is standard procedures.
Still, I prefer 100% SSL on *all* pages. I took this bold experiment myself. It was bold because Google treats you as a new domain and the CPU overhead can increase. My results were fine, as were Google's when they did the same to all their servers a while back.
mouser:
SSL or not -- EVERY website you use, you need to use a unique password, so that if one site gets hacked, the bad guys don't learn your logins to other sites.
db90h:
Well, that's true, in part, but since one would HOPE that any modern server would store their passwords in hashed format, not plaintext. The purpose of the hash, as you know, is to prevent it from being reversed back to it's plaintext. Thus, if they get breached, they get no passwords.
Still, it is best practices to use different passwords, for other reasons, not that one in particular.
Please don't get defensive about this, you can delete this thread, I won't mention it again. Very sorry. Trying to help, came out wrong I guess. Wanted people to realize.
db90h:
Recommend you issue a statement explaining the situation (you know it in detail) and recommended guidance. Stay ahead of it. No breach happened. No damage known to be done.
EDIT: Man, I hate i mentioned this, I am just so SSL aware right now, I couldn't help it -- especially since i just had to change a bunch of passwords, because it's hard, in practice, to use a unique password on *every* site. I reserve unique ones for mission critical sites.
Navigation
[0] Message Index
[#] Next page
Go to full version