The DU Lounge
Related: Culture Forums, Support ForumsIs the DU login page unencrypted? Thus user credentials passed as plain text over the Internet?
Admins? Why doesn't the DU login page change to HTTPS to encrypt our login credentials to and from DU?
Sorry if this has been asked before. I couldn't find any information about this being asked before using a quick search.
scscholar
(2,902 posts)You should use a different one for every site.
ffr
(22,672 posts)And it's super simple for DU to implement HTTPS for login, just as all major E-mail sites (Gmail, Yahoo, Outlook, etc) do.
Purchase an inexpensive SSL certificate from Godaddy, for instance. DU admins install it. Voila. HTTPS and now all our user credentials are encrypted as they go over the Internet.
scscholar
(2,902 posts)so I understand why this site doesn't want to. Even the free Let's Encrypt certs are a huge hassle since they expire so quickly as is their policy in order to make them difficult to use.
ffr
(22,672 posts)are usually renewed every 3 to 5 years. Revising the SSL encryption can be performed more often, but that's up to the admin.
What SSL certificates are you talking about?
scscholar
(2,902 posts)They have over half of the HTTPS page loads now according to:
https://letsencrypt.org/stats/
They're a pain to keep up with. With the nearly three hundred we have where I work, we're updating over three certs a day on average.
ffr
(22,672 posts)if you're spending man hours chasing your tail. Just buy SSL certificates that don't expire in 90 days like the FREE ones.
Am I missing something?
CaliforniaPeggy
(149,721 posts)Here's the link:
http://www.democraticunderground.com/?com=forum&id=1259
The Lounge is not the place for questions like this.
ffr
(22,672 posts)hunter
(38,331 posts)I remember a couple of incidents here on DU where someone started posting under another user's name, but it's usually been that someone had physical access to a member's computer.
Years ago I got into trouble with Wikipedia because I'd forgotten to log out and my teenage kids and their friends decided they'd have some fun adding silly stuff to various Wikipedia pages.
Wow, did I learn how fiercely protective people are of their Wikipedia turf.
If the same happened here on DU I'm certain regulars would notice it wasn't me posting and admin would patch over any damage done.
I do expect reasonable security on my email accounts and I use a different password on every site that requires a password.