http secure??

Discussion in 'other security issues & news' started by lhnorm, Sep 22, 2004.

Thread Status:
Not open for further replies.
  1. lhnorm

    lhnorm Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    2
    My bank's home page has fields for userid and password when it it is showing http:// and not https:// They keep assuring me that my user id and password are secure.

    If I enter my userid and password while the url is showing http, I get back an https screen with my account information.

    Is there a way I am not aware of to encrypt the password without https showing??
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Take a look at this topic for some background on this issue:

    https://www.wilderssecurity.com/showthread.php?t=7914

    The bank may very well be passing your password securely by having the 'login action' itself take the information entered on the page and encrypt it prior to sending it in for verification. The password doesn't actually leave your system until you hit 'login' (or whatever the button is called on the screen where you entered your username and password).

    Now, most of us want all our interactions with online banks, to be passed using SSL encryption (via https pages) for the entire session, from start to finish. All the online banks and credit card companies I use are fully encrypted all the time, so it surprises me that your bank isn't doing that. It's mostly for people's comfort and reassurance.

    As I mention in the other thread, it is certainly possible to have the login credentials passed with the bare minimum of SSL usage, but for a financial site? - no, give me SSL on every page.
     
  3. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    My bank (and I deal with one of the largest in Canada) has its entire site encrypted, so you get the secure-site thing starting with and including their front page. It used to be that you only got transferred to a secure-site connection if you wanted to log in, but now you get that even for news releases and other general info.

    And from what LWM's said, it sounds like that's a growing trend among banks these days.
     
  4. Hans 01

    Hans 01 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    49
    I apologise if this is a silly question, but is a secure site any protection against keylogging spyware in a home PC?
    I only use internet banking with 1 of my banks as it issues me with "use-once only" code numbers (scratch-card). My 2nd bank is strictly "telephone banking" as these keylogging spywares scare the hell out of me.
    / H
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    No if you have a keylogger on your computer it will log what you type before it gets to the secure site, it grabs it right in you comp. And they are a little scarry.

    bigc
     
  6. Hans 01

    Hans 01 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    49
    Thanks Bigc, at least my fears in this regard are confirmed. And that's important to a novice like myself.
    / H
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It just pays to keep alert and always expect that the worse can happen. About all you can do is keep your security apps updated and keep your eyes open wide.

    good luck

    bigc
    you might want to check out this thread here
     
  8. lhnorm

    lhnorm Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    2
    Thanks for your reply. That was very helpful.

     
Loading...
Thread Status:
Not open for further replies.