AK site and login unsecure warning messages

KKnight

Active Member
Seems AK has never 'upgraded' to the standard HTTPS. With every version of Firefox since v50, always get warning messages about unsecure site, and login warnings.
 
I get the same warning, on my computer that still has Windows 7, but not on one with Windows 8 or Windows 10. So, not every copy of Firefox out there is going to give the warning, yet.

I assume that as browser updates come, the browsers on those other computers will start to complain about it, too...

Regards,
Gordon.
 
Whole can of worms with portable devices, ain't it?

Besides, I just did a scan of the forums I visit regularly, and not one has HTTPS enabled ...

PS ... be interesting to see if Chrome follows suit ...

Oh. Firefox has had the "not secure" logo on the top bar for quite some time now.

example-dot-com-control-center-600x417.png
 
Whole can of worms with portable devices, ain't it?

Besides, I just did a scan of the forums I visit regularly, and not one has HTTPS enabled ...

PS ... be interesting to see if Chrome follows suit ...

"https everywhere" is nice in theory except that part where a centralized CA could be compromised and that would be a whole big can of worms.

And this CA could be utilized in nefarious fashion by some organizations.

And it does not really address people using stupid passwords or not using things like two factor authentication.

You all use two factor authentication right ??

Here ??

Frannie
 
Use "password" for your password on the forums. That way you can always say it's someone else who posted up something particularly stoopid ... <G>

2FA seems a bit extreme for a forum though ...

computers-computer_security-retina_scan-urine_sample-authentication-website-llan1190_low.jpg
 
Use "password" for your password on the forums. That way you can always say it's someone else who posted up something particularly stoopid ... <G>

2FA seems a bit extreme for a forum though ...

Perhaps but it honestly is easy peasy here to do. So why not ??

Some other places not so much but you can pick your battles against the azz clowns of the hacking world.

Frannie
 
PS ... be interesting to see if Chrome follows suit ...
They beat firefox to it actually, they just do it in a less "in your face" manner.

I run several sites myself, including some Xenforo forums, and while I understand the SSL issues and all that, I don't like how it is being forced onto admins. Certificates can be had for free now (Let's Encrypt, for one). My main problem with the way the browsers are doing it is demonstrated by the existence of this thread. The error message just causes more grief for admins who have enough on their plate, then have to explain what is going on. I had to make an admin post on a large forum just a few days ago explaining that it has been this way for the fifteen years the forum has been around, and nothing has changed. I'm going all-SSL but have other things on my plate that are more important at the moment. It's a bit of work getting things redirected and working properly, so it's not like we can flip a switch and make everything secure.

It's not like AK is directly taking credit card numbers or storing a lot of members' personal information here--it's a forum. All that is happening is that the username and password are being sent in the clear (not encrypted) across the Internet. And anyway, everyone with accounts on the Internet should be using a complex password (upper- and lowercase letters, numbers, special characters), and a different password at each site. Right? :)
 
Agreed ... Chrome has the same notifications, but only if you want them. All I see here is the green lock or information icon next to the address.

And ya ... all my passwords are "strong" and different for each site ... and I haven't a clue what any of them are. Browser stores those for me and fills them in automagically. <G>

That's where something like Password Safe comes in handy. Anytime I need a password, I create a new listing in that, let the software generate a password, then copy that to the website. Also handy for storing responses to the 2FA checks mentioned earlier.

Now all I gotta remember is the password to Password Safe. Let me see ... it's ... ah, crap! <G>
 
I get this error too in addition:
"The owner of audiokarma.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."
 
I get this error too in addition:
"The owner of audiokarma.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."
That is because they are using the default self signed "Snake Oil" cert.

Frannie
 
Not being a cell user, will 2-factor eventually keep me off the 'net?
They have Mac/Windows computer applications for some of that.

Like Symantec VIP Access which works with Paypal for example.

https://m.vip.symantec.com/

I personally don't care for two factor authentication that relies on a smart phone as that is IMHO not really secure and means you have to give your mobile number to sites.

Frannie
 
Still happening on my PC..."This connection may be not be secure...blah, blah, blah. However on the Mac, no warnings when logging into AK.

Q
 
Still happening on my PC..."This connection may be not be secure...blah, blah, blah. However on the Mac, no warnings when logging into AK.

Q
And you are using the same browser on both devices ??

Frannie
 
Back
Top Bottom