HTTPS

What features and fixes would you like to see here at erfworld.com?

Postby quindraco » Wed Sep 23, 2009 11:12 pm

Is there a reason the web site doesn't use secure http? I'm a bit nervous about my password leaking out.
--
QuinDraco
quindraco
 
Posts: 34
Joined: Sun Jul 12, 2009 4:23 am

Re: HTTPS

Postby MarbitChow » Thu Sep 24, 2009 1:10 am

It doesn't use HTTPS because there is no critical data stored here.
Do not use the same username and password at a site like this that you would use for important sites such as banking or credit cards, and you'll be fine.
Since it's a low-value site (financially), there is very little reason for someone to target it.
Equilateratoria is now underway. New players are welcome to join at any time! (Rules)
MarbitChow
 
Posts: 2509
Joined: Thu Apr 30, 2009 5:41 pm

Re: HTTPS

Postby harknell » Thu Sep 24, 2009 7:37 am

If you are concerned about the store site, you should know that we use PayPal to do the actual credit card processing, and once you go to their site to enter your information you are using an SSL connection during that process, so your financial information is never exposed.
Webmaster for the comic Stupid and Insane Defenders Against Chaos: http://www.onezumi.com
Webmaster for the comic Erfworld: http://www.erfworld.com
harknell
Site Admin
 
Posts: 189
Joined: Fri Dec 19, 2008 10:49 am

Re: HTTPS

Postby chimera » Thu Oct 15, 2009 3:02 am

In general it's important to use different passwords for different sites and security levels. To give you an idea of how the breakdown ought to work:

1. Web Mail: You should have a unique, strong password that you do not share for all of your email accounts. If one of these gets broken, someone can reset any password for any other account which is tied to it, so this can be just as important as a banking password.

2. Banks or Financial Sites: These also need strong unique passwords. If one gets broken, be it by brute force, phishing or plain old theft, you need to make sure that everything else remains safe for damage control purposes. It's better to put out one fire than three.

3. Forums, Subscriptions, Games and other Junk: These can use relatively weak passwords and there is no reason for you not to repeat passwords between them. If you feel that your reputation matters a lot for a particular forum or community, it might make sense to use a unique password for it, but having this compromised doesn't really cost you anything. These are all endpoints that store non-vital information and these are also the least likely to be secured in general.
chimera
 
Posts: 5
Joined: Sun Aug 23, 2009 3:38 am

