Daily we visit many websites for checking our e-mails, shopping, trading etc. How many times do we check for the legitimacy of those websites? Generally, the website having “https:” and a green padlock is considering a safe and trustworthy. SSL certificate provides such type of security and boosts up the trust of the customers visiting your website.
Most of the online business owners think that it is only the online transaction that needs to be protected and hence depends on the trusted payment gateways and processors. Securing your whole website with SSL and not the login form is also an open invitation to the intruders.
However, many websites even the most trusted ones, fails at the smallest point when it comes to the thorough security. Some famous online brands listed below which places the customer’s credentials at risk:
GoDaddy, one of the most trusted Certificate Authority and largest domain and host provider wants you trust its non-secured login form.
Namecheap.com, another big name as domain, hosting and SSL certificate providers, provides no security for your logon process. Just visit home page and try to login with your account, it will get login information on non-secure page and will land you on secure page after successfully login to your account. However, this does not ensures the security of the credentials provided by the user and makes it vulnerable to attacks like man-in-the-middle-attack. An intruder can easily intercept the data transmitted by accessing the domains of your DNS requests or can corrupt the machines host file.
Risks associated with unsecured login form
If you will trapped in an already compromised Wi-Fi connection then chances are that an attacker will change the destination of the arrival of the submitted form (like phishing) and will trace the username and password.
In addition, if there is a person who is very much conscious about the security will opt not to deal with your website or not avail the services from you.
How can you assure the security of the login form?
- · Secure the login form with SSL certificate separately or shift the login page to a different domain, which is already secure.
- · Never just iframe the https form.
- · Enable htaccess to enforce the login pages to be https.
- · Best option - secure your whole website with SSL certificate.
Login form is the medium through which customers contacts you keeping the trust on your website and expects the same in return. It is your responsibility to secure the login form, as it becomes the easiest way for hackers to steal the user’s personal information.
0 comments:
Post a Comment