Safe Login

[crooknees]

I have just logged in with FireFox and got an in-secure notice. Apparently our passwords are not safe and can give access to the site. I'm an aged luddite and therefore hand over the problem to the Techies, if it is a genuine problem. 
May be nothing to worry about but we don't want stawkers, do we?

[MrIminei]

Hi Crooknees

The whole of the internet is moving towards https. http is "Hyper Text Transfer Protocol" which is the protocol (language) that has been used for web browsing since the world wide web was created. Https is the secure version where your data (including passwords) is encrypted (scrambled). Generally modern web browsers (Chrome, Safari, IE, Edge etc) show a green padlock in the address bar when you are connected to a trusted https site (trusted insofar as their encryption certificate is known to be good). You should never enter your card details or any sensitive information into a non trusted site.

Since a recent upgrade Firefox warns users if the site is not using https, which is what you are seeing.

For sites like ours and many others the risk is very small. Somebody could tap into our traffic and extract passwords. The CIA or GCHQ could park outside your house and snoop on your Wifi. The risk is greater if you use free and open wifi in public places, because you don't know who else is connected to that wifi network and what they might be snooping on.

My personal opinion is that a sewing forum is unlikely to attract the attention of serious hackers. The trouble we and all forums have is people try to get in so they can use the email server to send spam. That is an age old problem (and why we don't do automatic activation of new accounts)

The best thing you can do on the internet is use strong passwords and (excuse me for shouting) DON'T USE THE SAME PASSWORD ON MULTIPLE SITES!

However, we don't want to put people off when they find us with messages that are worrying, and are therefore looking into moving to https. It requires us to apply for an encryption certificate and once issued we have to apply it to our domain - so it's not something we can just switch on.

In the meantime please don't worry. I'm happily here and not concerned about my security. I also use a cycling forum and a sailing forum. Neither are using https, nor does Stitchers Guild Reloaded. 

The Google advice on this issue is here.

Hope that helps

Andy

[MrIminei]

Incidentally it is possible to connect over a secure link:

https://thesewingplace.org.uk/index.php?action=login

Your browser will warn you that the site is not fully secure. This is because photos can be embedded into posts, although they are stored elsewhere - and the browser does not know if they are stored on a secure site.

There are still a few bugs with https but rest assured we are working on this!

Andy

[crooknees]

Thank you for the explanation. Pleased it is nothing to worry about.
Thank you also, for all the trouble you have taken to get us all back together.

[MrIminei]

Our pleasure. Glad you escaped from under your mountain of fabric and yarn to find us!