Website Not Secure log in

Discussion in 'Ask Baldy, Blame AceRph' started by padiii, Apr 4, 2018.

  1. padiii

    padiii Been here awhile

    Joined:
    Jan 1, 2008
    Oddometer:
    550
    The newest Ipad update now lists the log in page as not secure with Safari. I also sporadically get a pop up offering some kind of deal when on the log in page. I do not enter my information, exit the log in and open the log in page once again. Sometimes the pop up returns and sometimes not. Are the pop ups from Advrider or is possibly something attempting to get log in information? Was the log in page always not secure or is that something I am just noticing?
    #1
  2. Wowser

    Wowser Adventurer

    Joined:
    Feb 18, 2018
    Oddometer:
    12
    Location:
    Ohio
    I started seeing it yesterday.
    #2
  3. TrashCan

    TrashCan Scary Jerry

    Joined:
    Oct 5, 2005
    Oddometer:
    10,822
    Location:
    Louisville, Tn
    Ads show for those that don't log on.
    #3
  4. padiii

    padiii Been here awhile

    Joined:
    Jan 1, 2008
    Oddometer:
    550
    If you mean the ad that appears as a banner, that is not what I am seeing. I do see the banner but this is an actual popup.
    #4
  5. TrashCan

    TrashCan Scary Jerry

    Joined:
    Oct 5, 2005
    Oddometer:
    10,822
    Location:
    Louisville, Tn
    :dunno

    I stay logged in.
    #5
    Bultaco206 likes this.
  6. Bultaco206

    Bultaco206 Back-to-back motos suck

    Joined:
    Feb 11, 2007
    Oddometer:
    14,244
    Location:
    Mineral Point, WI
    I just got a new iPad last week and don't get that message. But it does show on other sites that I'm not used to seeing it on. Like my company's own server and Intranet site. :rofl
    #6
  7. aldend123

    aldend123 Long timer

    Joined:
    Sep 1, 2011
    Oddometer:
    4,922
    Location:
    Bristol County MA
    Browsers are starting to be more aggressive about warning when a login page is on a standard HTTP session - as in not HTTPS. I suspect that's what you're experiencing with the new warning. This means there is slightly greater risk that your account here could be compromised. Like by someone capturing your credentials when you submit them. HTTPS encrypts the traffic, regular HTTP doesn't.

    However, since this isn't a banking website, the risk isn't exactly comparable. Do not ever ignore that warning if you are about to login in to something significant. And be skeptical if you know the site had HTTPS in the past, but you're getting a warning. Far as I know, this site has never been HTTPS.

    Reasons a website may chose not to use HTTPS is that it adds additional overhead on the server. This means it may be slower and/or cost more to operate.
    #7
  8. padiii

    padiii Been here awhile

    Joined:
    Jan 1, 2008
    Oddometer:
    550
    Ah, OK got it. I did not realize this site didnt encrypt the log in page. Thanks for the explaination.
    #8
  9. CaseyB

    CaseyB Adventually

    Joined:
    Mar 16, 2011
    Oddometer:
    874
    Location:
    The Garden State
    I think it’s an apple device problem. I took trashcans advice from a previous thread and stay logged in. Problem went away for this site at least
    #9
    68deluxe likes this.
  10. barnyard

    barnyard Verbal tactician Super Moderator

    Joined:
    Sep 23, 2007
    Oddometer:
    14,418
    Location:
    central Mn
    Plus, adv is not a secure log in site. So there is that too.
    #10
    JimVonBaden likes this.
  11. motocopter

    motocopter ˙˙˙ƃuᴉɥɔɹɐǝS

    Joined:
    Oct 5, 2012
    Oddometer:
    2,393
    Location:
    Sumner County, TN (for now)
    Right, an unencrypted site. Check out the circle "i" in the address bar.
    #11
  12. rider1150gsadv

    rider1150gsadv Long timer

    Joined:
    Oct 6, 2003
    Oddometer:
    6,335
    Location:
    Ft Likkertail , USA
    It's part of Apple's new security protocol as after the latest update it happens on my MacBook and I-pad as well.
    #12
  13. 68deluxe

    68deluxe Long timer

    Joined:
    Jun 7, 2003
    Oddometer:
    37,665
    Location:
    Phoenix AZ
    I just got that message on my Ipad this morning. It has just started with one of the newest software upgrades. I clear my Safari cache and history once a week.
    #13
  14. Trust

    Trust but verify

    Joined:
    Jun 3, 2008
    Oddometer:
    2,200
    Location:
    Still in NC
    I think this is a little bit more than just "stay logged in"...

    Your creds can be sniffed by anyone on the same network, and it really is trivial to do. Admittedly: I've never set up an HTTPS site, but I've not yet seen an official response as to why the login page (for a good start) isn't HTTPS... is this a cost matter?
    #14
  15. aldend123

    aldend123 Long timer

    Joined:
    Sep 1, 2011
    Oddometer:
    4,922
    Location:
    Bristol County MA
    But that 'on the same network' is an important bit. And there's a little more to it than one may expect. Also, it's not like your credentials to this website are highly valuable. To be fair, that isn't the only concern with HTTP, but it's usually the primary one.

    I also haven't seen an official response, but the usual reason is for server performance. Setting it up is usually fairly straight forward if you have prior experience in website administration. HTTPS adds a layer of complexity. And processing power costs money and/or results in slower website response times. Far as I know, this website remains free and advertisement-free shy of a few occasional and sporadic mentions. Don't forget that advertisements add new security concerns too, even if hosted on HTTPS. Just having the little lock in URL bar isn't some magic bullet.
    #15
  16. Trust

    Trust but verify

    Joined:
    Jun 3, 2008
    Oddometer:
    2,200
    Location:
    Still in NC
    Sure, the ‘same network’ bit is important, but then again most of us dont leave the keys in our motorcycles when we walk away either.

    Perhaps this is a significant cost matter, but that's why I'm asking. From the limited reading I've done on this, SSL can be forced on one page and one page only, (the login page,) and the benefit is simply to protect creds from being sniffed on the wire. With LetsEncrypt (as mentioned in another thead), certificates can be had for little cost, and there would be an immediate benefit.

    I know, no one on ADV is guilty of password reuse. And its not @Baldy’s job to protect them from their own bad habits. Leaving the login page unsecured just seems to be a shortcut - even if it is a logical one.

    I can see the reasons to add https, and I can hypthesize the reasons not to - I'm asking for the reasons not to. If it's a matter of manpower, then maybe there is a will in the collective community to volunteer and help with implementation. I don't know what the exact solution is, but I'm asking so that if I can be part of it, then I'll know to stand up and contribute.

    Is there someone who can give a more definitive answer, please?
    #16
  17. Trust

    Trust but verify

    Joined:
    Jun 3, 2008
    Oddometer:
    2,200
    Location:
    Still in NC
    Not ragging on Casey at all here - the problem isn't gone. The warning went away, and staying logged in works ... until you have to log in again.

    This sort of thinking is akin to an oil leak going away ... because all of the oil has drained out of the case. Problem’s not solved, just no longer apparent. :dunno
    #17
  18. ozmoses

    ozmoses ...

    Joined:
    Jul 3, 2009
    Oddometer:
    22,621
    Location:
    USA???
    In case anyone missed this:


    #18
  19. Trust

    Trust but verify

    Joined:
    Jun 3, 2008
    Oddometer:
    2,200
    Location:
    Still in NC
    I honestly don't get what that's supposed to mean.

    To be explicit: are we saying "ADV is not intended to be secure in any way, so don't care." or are we saying "Don't forget, the ADV login site is not a secure site."? Seeing as @barnyard's original post was unclear, I just want to clear it up...
    #19
  20. ozmoses

    ozmoses ...

    Joined:
    Jul 3, 2009
    Oddometer:
    22,621
    Location:
    USA???
    Yes.

    Has it bothered you for the last 8 years that it was not secure? Have you had any issues problems ?
    #20