Thinkpads Forum

Most of web sites of all kinds have converted to HTTPS for safety and security reason. Why not here?

Cheers, thinkpadcollection

What are the risks that require this kind of mitigation?

If you are that concerned, use an add-on like: HTTPS Everywhere

dr_st wrote:What are the risks that require this kind of mitigation?

Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.

axur-delmeria wrote:

dr_st wrote:What are the risks that require this kind of mitigation?

Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.

Thought as much.

I don't use the same password for forums as I do for anything personal/important, for that reason among others.

Isn't there something in the login process itself that makes it transmit only the hash, or something like that? Otherwise you'd think that millions of passwords would be stolen by trivial means in the years before most moved to https.

I thought made this clear, once you go to this forum, it is already in HTTPS website mode means secure website even you are not logged in yet, and therefore login is secure enough already as well. My browser always flag this as insecure every time I log in and the little padlock in front of website address is red cross.

Majority of the websites I visit have implemented HTTPS.

Cheers, thinkpadcollection

After reading this, I tried https on the site and got a browser warning.

This site has https via a lets encrypt certificate but it is not functioning fully. I recently dealt with a similar problem in a couple of sites of mine that had images and other content being transmitted by http which gets a browser flag these days. Fixing it in one, a Wordpress site, was done by installing a plugin that forced all content to https. The other had an Oscommerce store that just needed a couple of tweaks to the config file. This site needs some tweaking of the https but what needs to be done depends on the software used. It probably won't be that difficult and at worst will take the site offline a short while for maintenance. In my case, it didn't even require any downtime.

The https upgrade may have broken Tapatalk compatibility. I can't log in anymore via the app.

I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://

Confirmed that https is now working here.

Cheers, thinkpadcollection

RealBlackStuff wrote:I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://

Thanks. I don't think that's a change that users can make, but the app has started to work again in any case.

Sent from my Passport using Tapatalk

Https working. No more browser flags. I did have to login again which is normal for changing from http to https.