Daily we visit many websites
for checking our e-mails, shopping, trading etc. How many times do we check for
the legitimacy of those websites? Generally, the website having “https:” and a
green padlock is considering a safe and trustworthy. SSL certificate provides
such type of security and boosts up the trust of the customers visiting your
website.
Most of the online business
owners think that it is only the online transaction that needs to be protected
and hence depends on the trusted payment gateways and processors. Securing your
whole website with SSL and not the login form is also an open invitation to the
intruders.
However, many websites even
the most trusted ones, fails at the smallest point when it comes to the
thorough security. Some famous online brands listed below which places the
customer’s credentials at risk:
GoDaddy, one of the most trusted Certificate Authority
and largest domain and host provider wants you trust its non-secured login
form.
Namecheap.com, another big name as domain, hosting and
SSL certificate providers, provides no security for your logon process. Just
visit home page and try to login with your account, it will get login
information on non-secure page and will land you on secure page after
successfully login to your account. However, this does not ensures the security
of the credentials provided by the user and makes it vulnerable to attacks like
man-in-the-middle-attack. An intruder can easily intercept the data transmitted
by accessing the domains of your DNS requests or can corrupt the machines host
file.
Risks
associated with unsecured login form
If you will trapped in an already compromised Wi-Fi connection
then chances are that an attacker will change the destination of the arrival of
the submitted form (like phishing) and will trace the username and password.
In addition, if there is a person who is very much
conscious about the security will opt not to deal with your website or not
avail the services from you.
How
can you assure the security of the login form?
- ·
Secure the login form with SSL certificate
separately or shift the login page to a different domain, which is already
secure.
- ·
Never just iframe the https form.
- ·
Enable htaccess to enforce the login pages
to be https.
- ·
Best option – secure your whole website with
SSL certificate.
Login form is the medium through which customers contacts
you keeping the trust on your website and expects the same in return. It is
your responsibility to secure the login form, as it becomes the easiest way for
hackers to steal the user’s personal information.
About Author:
Peggy is sales and marketing head at theSSLshop, a
leading SSL certificate provider. She is having over 7 years of experience
working with security product sellers and recommend RapidSSL certificate if you are looking for low cost security solution.
She has published numerous articles on SSL certificate and security products.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
