• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

(dumb) Question about secure websites & encryption

C

Compudork

Senior member
So I just noticed when logging into my credit card account the hompage (where I enter my username and password) is not a secure page. The second I log in it pushes me to a secure page... does that mean the username and password were not encrypted, or is that piece somehow retroactively secured by the fact that I'm logging in? The page itself is not encrypted, which would lead to the obvious answer, but I just don't want to believe it.

Now that I'm checking, about half of my financial carriers online (CC's, loans, banks) do this so I'm a bit concerned.

EDIT: Nevermind. I found an article calling out the places that don't secure logon screens. I knew that was the case, but didn't want to believe that major financial companies would actually leave their logons unsecured.
 
I believe it will negotiate the SSL connection before sending the POST data, so even though the login page is not secure, the page that the login form posts to is secure, and thus your password is not sent in plain text.

However, if the insecure login page posts back to itself and then redirects, then your password is being sent in plain text.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top