Secure Logon? - Raj Kaimal

Secure Logon?

I don't get it. When I need to logon to a secure site, I expect to see a https url before I enter my username and password. All the sites listed below (except Citibank) prompt you for the user name and password on a http page and it says that the information will be posted via https. Even though what they claim is correct, I do not feel comfortable with the approach. How do I know that the http page I am looking at is spoofed or not? Check out these sites:

The way I work around this is to bookmark the secure url. Example: PayPal

Is it really that CPU intensive to run the default homepage on 443? Could they have used SSL acceleration? How about a logon button on the default http page that redirects me to a https page where I can enter my credentials?

Published Saturday, February 25, 2006 2:37 PM by rajbk
Filed under:

Comments

# re: Secure Logon?

Yes, this is one of my pet peeves as well.

Saturday, February 25, 2006 7:02 PM by foobar

# re: Secure Logon?

That paypal link redirects to https for me. Also the Discover home page has a secure login "learn more" link right above the username section.

For the others though, blatently unacceptable, heck maybe even for the Discover one too, it should be https by default.

Monday, February 27, 2006 11:16 AM by Jeff Gonzalez

# re: Secure Logon?

Don't forget Bank of America! I was actually talking with a teller who tried to tell me that it was perfectly secure to login from the HTTP link on their homepage even though they have a very deeply buried HTTPS login page. Needless to say I have switched banks.

Friday, March 10, 2006 12:56 AM by Hardy Johnson

# re: Secure Logon?

I have found that some sites I use such as discover.com and chase.com do have "real" https login pages that are difficult to find.  I perform a google search for "discover secure login" or "chase secure login", double-check the URL, and I can log in through one of these pages.

Monday, June 30, 2008 7:41 AM by Brian

Leave a Comment

(required) 
(required) 
(optional)
(required)