# BBS Security (HTTPS)



## TravelSFO (Mar 28, 2012)

Would it be possible for the BBS admin to implement https for the login page? Many TUGgers will be logging in from unsecured networks and, as it stands, are sending their credentials in the clear.


----------



## Kagehitokiri2 (Mar 28, 2012)

TravelSFO said:


> Would it be possible for the BBS admin to implement https for the login page? Many TUGgers will be logging in from unsecured networks and, as it stands, are sending their credentials in the clear.



which is why you should use passwords you don't care about for things like forums


----------



## TUGBrian (Mar 28, 2012)

agreed, we certainly suggest not using your personal name/email as your username, and definitely don't use the same password you use to secure anything important.


----------



## Numismatist (Mar 28, 2012)

TUGBrian said:


> ...and definitely don't use the same password you use to secure anything important.



TUG is important!


----------



## TUGBrian (Mar 28, 2012)

haha...this is true...but the information someone would gain by knowing your TUGBBS login and password is likely a bit less important =D


----------



## TravelSFO (Mar 28, 2012)

*I hope that you make this clear to all TUG members.*



TUGBrian said:


> agreed, we certainly suggest not using your personal name/email as your username, and definitely don't use the same password you use to secure anything important.



Not everyone cares (or knows that they should care) about whether they are sending their credentials over non-HTTPS. TUG members are probably at greater risk because they often use an unsecured timeshare/hotel wi-fi connection while traveling.

I'd bet money that there are plenty of folks on TUG who use the exact same username/password combo for an email account or something worse, like a bank account.

Just asking for your assistance in helping to protect TUG users if only to caution.


----------



## Kagehitokiri2 (Mar 28, 2012)

*TravelSFO*, how familiar are you with online security?

secure has a cost.

no forums are secure. i don't think any social media is secure.

there are commercial sites that have unsecure signups/logins and even major corporate sites where they are secure, but do not have a dedicated secure login page.


----------



## TravelSFO (Mar 28, 2012)

Kagehitokiri2 said:


> *TravelSFO*, how much experience do you have with online passwords?
> 
> secure has a cost.
> 
> ...



There are different levels of secure.  I'm not suggesting you secure the entire site.  I'm just asking for basic security for the user's credentials not being sent in the clear.  That means just https for the login page.


----------



## Makai Guy (Mar 28, 2012)

TravelSFO said:


> There are different levels of secure.  I'm not suggesting you secure the entire site.  I'm just asking for basic security for the user's credentials not being sent in the clear.  That means just https for the login page.



Every bbs page is a login page.  All are directly accessible and contain the login fields in the upper right if you're not logged in.


----------
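The point above, that every page carries the login fields, can be checked mechanically. The following is an added example, not part of the original thread and not the forum's own code: it parses a page's HTML and reports each form with a password field that would submit over plain HTTP, or that submits to HTTPS but is itself delivered over HTTP (where the form can be altered before it reaches the browser). The host name, URLs and HTML sample are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAuditor(HTMLParser):
    """Record the submit URL of every <form> holding a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self._form = None   # form currently open, or None
        self.targets = []   # resolved submit URLs of password forms

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self._form = {"target": target, "password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["password"]:
                self.targets.append(self._form["target"])
            self._form = None

def audit_login_forms(page_url, html):
    """Return (submit_url, finding) for each password form on the page."""
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    page_https = urlparse(page_url).scheme == "https"
    findings = []
    for target in auditor.targets:
        if urlparse(target).scheme != "https":
            finding = "submits-over-http"      # password sent in the clear
        elif not page_https:
            finding = "form-served-over-http"  # form can be altered in transit
        else:
            finding = "ok"
        findings.append((target, finding))
    return findings

# Constructed sample (hypothetical host): login fields in a thread page header.
SAMPLE_URL = "http://forum.example/showthread.php?t=1"
SAMPLE_HTML = """<form action="login.php?do=login" method="post">
<input type="text" name="username"><input type="password" name="password"></form>
<form action="search.php"><input type="text" name="q"></form>
<form action="https://forum.example/login.php"><input type="PASSWORD" name="p"></form>"""
```

Calling `audit_login_forms(SAMPLE_URL, SAMPLE_HTML)` flags both password forms; the same HTML served from an `https://` page URL reports both as `ok`.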



## Kagehitokiri2 (Mar 29, 2012)

TravelSFO said:


> There are different levels of secure.  I'm not suggesting you secure the entire site.  I'm just asking for basic security for the user's credentials not being sent in the clear.  That means just https for the login page.



name one forum that has secure login.

facebook (nothing is bigger) is NOT secure.


----------



## hypnotiq (Mar 29, 2012)

Kagehitokiri2 said:


> name one forum that has secure login.
> 
> facebook (nothing is bigger) is NOT secure.



It is if you use https://www.facebook.com


----------



## Kagehitokiri2 (Mar 29, 2012)

hypnotiq said:


> It is if you use https://www.facebook.com



ah, ok, now the articles mentioning secure login (with rest being unsecure) make sense


----------

