Thursday, April 16, 2015 passwords sent over HTTP

Arstechnica posted an article saying that's login page has been running HTTP for quite some time now. It appears to be a mistake of some kind, not intentional.

But, why is running an HTTP login page bad?

As you've heard me say before here and here, having an HTTP login page means your password is traveling the internet from your device all the way to the web server in plain text. Anybody or anything in-between able to see your traffic is also able to see your password.

I don't use, but if you do, consider resetting your password.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

1 comment: