• Log in with Facebook Log in with Twitter Log In with Google      Sign In    
  • Create Account
  LongeCity
              Advocacy & Research for Unlimited Lifespans

Photo
- - - - -

Let's Move to HTTPS

https login security encryption

  • Please log in to reply
2 replies to this topic

#1 resveratrol_guy

  • Guest
  • 1,315 posts
  • 290

Posted 17 March 2015 - 12:29 AM


What would it take to force this on everyone (which in 2015 is just common sense, as opposed to obnoxious)? This website is way too valuable and we simply have too much to lose if some hacker organization wants to take us for a ride. Frankly, with medical representations at stake, we should force 128-bit passwords, but I'd settle for just HTTPS.

 

If we're going to do this, then there are also the questions of TLS version and also security certificate maintenance, which is nonzero cost and requires some expertise. I'll leave that to the admins here to decide.

 


Edited by resveratrol_guy, 17 March 2015 - 12:31 AM.

  • Good Point x 1

#2 Antonio2014

  • Guest
  • 634 posts
  • 52
  • Location:Spain
  • NO

Posted 17 March 2015 - 10:53 AM

Well, we aren't managing a lot of money nor are we storing highly valuable research data. We also don't generally use real names here nor we store bank data. Probably we don't have that much to lose in case of attack nor are profitable to crackers.


  • Ill informed x 1
  • Agree x 1

#3 resveratrol_guy

  • Topic Starter
  • Guest
  • 1,315 posts
  • 290

Posted 18 March 2015 - 02:50 PM

Well, we aren't managing a lot of money nor are we storing highly valuable research data. We also don't generally use real names here nor we store bank data. Probably we don't have that much to lose in case of attack nor are profitable to crackers.

 

I disagree. This is a society in some sense. Imagine what we would lose if Longecity suddenly disappeared, especially if backups were also destroyed, or equivalently, if it had not been backed up for a long time. And some people deface websites just to be jerks. Frankly, we're sitting ducks.

 

There are also more subtle and nefarious ways in which this could hurt us. Imagine, for example, if someone commandeered a popular user's account, and made them recommend toxic drugs or products. This would be a great way to earn money fraudulently, at the expense of our health and our members' reputations. As long as we're passing around unencrypted login credentials, we're exposed to this. It's just a matter of time.


  • Agree x 1





Also tagged with one or more of these keywords: https, login, security, encryption

4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users