Discussion in 'Forum Help & Announcements' started by Phil12, Apr 12, 2017.
The website is not https://. Why not?
SSL certificates aren't free? (Let's Encrypt aside)
They aren't asking for anything on the site that is 'sensitive'?
This is on the roadmap, but currently there are various issues with some content not being SSL compatible.
Thank you for letting me know.
Hmmmm......wonder if I made a mistake configuring this forum to manage my online savings account.
I did my taxes on it this year.
Unsecured websites subject you the possibility that someone can steal your password and also have access to your session cookies because they are not encrypted. As I'm sure you know, some people use the same password on multiple sites and without a secure session your computer could be hacked.
But this is the only site I use "churrosrock123#" as my password.
IMO, if someone uses the same password for a discussion forum with potentially millions of viewers as he/she uses for a financial or any other vulnerable site, I would consider it Darwinism at work. My password here is in no way related to the ones (yes, you should have multiple, unrelated ones) used elsewhere.
Now, if someone logs on here as me, I'll be angry but it won't hurt me IRL. @wdwmagic would have to deal with the mess.
But there are other exploits that can happen to you that are more troublesome. I won't elaborate for the obvious reason.
That is the chance you take with the internet. There is always someone looking to steal from you - although I've had more trouble with identity theft in the "real world." rather than on this forum. Do what you can to prevent it, and decide if it's worth the risk to post on forums you consider unsafe.
You have a far greater chance of someone gaining your personal information through social media via hacking than you do a forum like this.
I assume you are aware that you can login directly to WDWMagic from social media.
Who's actually using social media to log in though, thats the question.
Actually, both Twitter and Facebook have HTTPS login security.
Separate names with a comma.