How to create a secure login

Go down

In progress How to create a secure login

Post by MRAC on August 8th 2019, 9:53 pm

Technical Details


Forum version : #Invision
Position : Founder
Concerned browser(s) : Mozilla Firefox
Who the problem concerns : Yourself
When the problem appeared : login
Forum link :

Description of problem

Hello everybody,
I have just joined as a forum founder.

The first problem that I encountered was the admin login being unsecure.

I set up 'topic it' but it didn't work, so I entered the password.
I figured that I could mod the Admin password internally
... but it also displays as insecure!

Topic it now works, but the password has already been transmitted.

Is there anything that I can do, step by step, to regain security, before I begin setting up the forum, and publicising it?

Also - RE Members

Are they going to be logging in ... in an unsecure fashion?

Thanks
Smile


MRAC
MRAC
New Member

Posts : 5
Reputation : 1

Back to top Go down

In progress Re: How to create a secure login

Post by SLGray on August 8th 2019, 11:03 pm

Do you mean in the browser?


How to create a secure login Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 46802
Reputation : 3278
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

In progress Re: How to create a secure login

Post by brandon_g on August 8th 2019, 11:07 pm

Hello,

Your forum and it's login is secure, the reason you are getting a not secure message is because your forum does not have an ssl certificate. Any site without an ssl certificate will get a not secure message on any forms.

If you would like to get an ssl certificate, you can do so by getting either the advanced or premium package:

https://help.forumotion.com/t155627-forumotion-packages
https://help.forumotion.com/t150650-ssl-certificate-guide-for-a-success-forum-migration-to-https#1038838

-Brandon


How to create a secure login Brando10
Remember to mark your topic How to create a secure login Solved15 when a solution is found.
brandon_g
brandon_g
Manager
Manager

Male Posts : 8706
Reputation : 781
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

In progress Re: How to create a secure login

Post by MRAC on August 8th 2019, 11:20 pm

Yes, in the browser.

The firefox browser highlights that the login is insecure.
Ha!
It does this repeatedly.

Presumably because the page is not https.

What can I do?

Can I enter the admin page and delete the password, and not enter a new one
.... then simply log in via Topic it ?

Or should we delete the account, and start again?

I just don't want to start insecurely, and have all the guests getting security warnings.

... but I'm also aware that 'we' have no security these days.
We seem to be well tied and stuffed Sad

Do we accept the complete lack of privacy?

Very Happy
-----------
Okay, just read the next message, received while posting.
Will respond soon....
MRAC
MRAC
New Member

Posts : 5
Reputation : 1

Back to top Go down

In progress Re: How to create a secure login

Post by SLGray on August 8th 2019, 11:35 pm



How to create a secure login Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 46802
Reputation : 3278
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

In progress Re: How to create a secure login

Post by brandon_g on August 8th 2019, 11:46 pm

As I said before, your forum is secure, the label just means its not https. The only way to get it to go away is to switch the forum over to https.


How to create a secure login Brando10
Remember to mark your topic How to create a secure login Solved15 when a solution is found.
brandon_g
brandon_g
Manager
Manager

Male Posts : 8706
Reputation : 781
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

In progress Re: How to create a secure login

Post by APE on August 9th 2019, 1:23 am

I will try and tell you how this works.

All forums srat off with the address HTTP before this was all fine until google and other systems come up with this new system to make all data safe when logging in.

They then made it HTTPs but you have to pay for the ssl certificate as this is not free to any one.

Now All forums are still 99.9% safe but NO site is 100% it just can't be no matter if you have http or https address

Now the new HTTPS address makes it more safe for things like Email addresses IP addresses and bank credit cards and password's

Now on our forums we do not have any data saved for your bank so the HTTPs address is not really needed for your site as the HTTP address is still safe for your Email IP and Password's your passwords are still encrypted by our systems so it is still seen as safe.

Now it don't matter if you make a new forum and delete this forum it will still come up with the same warning until you pay for a package every year.

All sites all over the world will have the same warning if they don't pay for a HTTPS address but it don't mean the site os not safe it just means bank data is not 100% safe.


How to create a secure login Left1212How to create a secure login Center11How to create a secure login Right112
How to create a secure login Ape_b110
How to create a secure login Ape1010
APE
APE
Administrator
Administrator

Male Posts : 14971
Reputation : 1619
Language : fluent in dork / mumbojumbo & English haha

http://chatworld.forumotion.co.uk/

Back to top Go down

In progress Re: How to create a secure login

Post by Occultist on August 9th 2019, 8:55 am

When a site doesn't use https, the data that you enter(username, password, replyes to topics and so on) will be transmitted over the network unencrypted(as in plain text). This allows for man in thr middle type of attacks. Basically, someone watches the data that is sent through the network and can capture for example, your password. Now, this type of attacks usually work when you have another breached device, for example a router or when you are using an open wifi network that anyone can access. The chance of your forum being targeted, let alone succesfully attacked approaches 0.

Https solves that issue. Data that is sent over https is encrypted. Even if someone gets access to that data, they'll have a hard time getting anything useful out of it.

On low profile websites, http is often enough, but using https will be quite a significant security boost and make your users more confident, while also ranking your website higher on search engines.

To get a ssl certificate you will have to buy a package and then the certificate itself.
@Ape, make a google search for Let's Encrypt. If you're too lazy, they are offering free ssl certificates. Cloudflare does that too if I'm not mistaken. I would love it if forumotion allowed us to use such services. Come to think about it, I may make a suggestion about it.
Occultist
Occultist
Forumember

Posts : 181
Reputation : 48
Language : English and couple others

https://idonthaveaforum.forumotion.com

Back to top Go down

In progress Re: How to create a secure login

Post by MRAC on August 9th 2019, 6:22 pm

Thanks to everyone who has taken the time to reply.

I'm not a security expert ... not by a long chalk.
However, I have been forced to acquire some knowledge.
Here is a guide to Lets Encrypt - https installed for free (in 15 minutes) using cPanel

It also outlines the critical https redirect code (which is a life saver)

Strangely enough, if you search for 'https installed for free' in DuckDuckGo - it is literally nowhere in the results, with all sorts of 'install stuff' appearing high up. How to create a secure login 1f600

But still ... 2.5k views

Let's encrypt then sends out an email to remind you that the script is about to expire.
Once you are organised, with saved tabs, the whole process can be completed in around 6 minutes, with zero stress.

Of course, all security is severely limited.
I work on the assumption that everything that I do is open to scrutiny.
However, the https does avoid the Firefox security warnings to users - which I believe is an important factor.

I presume that, for a forum, the difficulty would be in arranging the certificate upload and replacement, without a CPanel site controller.
==========

Re the forum ... I'm uncertain.
Everything yesterday was a blur ... attempting to quickly get on top of 'a subject home', due to time being short.
Never a good idea.

I had 3 options - yourselves and proboards and createaforum.
I set up the forum, with you first, but there were these issues as discussed.

There was no clear information indicating payment options ... I found it only after you chaps pointed it out to me.
Even then, it was a struggle to find out what the points were costing.

As it happens, your costing is competitive.

However, by this time, I had checked out proboards, and paid $4.80 for the privilege.
Then I discovered that Firefox was showing a security warning, with their login redirect page.

Late at night, hot, sweaty, and being bitten by mosquitos ... it was 'head in hands' scenario.

Anyway...
Both you and proboards provided support.

Proboards stated that Firefox was in error.
Chrome doesn't provide any redirect page warning, but in my experience Firefox is more accurate with its security warnings.
(Chrome seems to block any site with interesting info, that loads perfectly in Firefox).

So what to do?
I now have two forums with the same name.

What are pros and cons?

Question


MRAC
MRAC
New Member

Posts : 5
Reputation : 1

Back to top Go down

In progress Re: How to create a secure login

Post by brandon_g on August 9th 2019, 7:54 pm

If you read the tutorial I linked to 2 posts ago, it explains the pros and cons and the process for getting an ssl certificate on our service.

Basically you have 2 options available to you:

Option 1: Leave the forum as it is, nothing bad will happen without an ssl certificate (it's just an EXTRA form of security), your forum is still secure and your data encrypted on the database.

Option 2: You can pay for either a monthly or yearly advanced or premium package with us and you can then have an ssl certificate added, as it is included in either package.

Whichever option you choose, is up to you, but just know your forum and it's data is secure with either option.


How to create a secure login Brando10
Remember to mark your topic How to create a secure login Solved15 when a solution is found.
brandon_g
brandon_g
Manager
Manager

Male Posts : 8706
Reputation : 781
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

In progress Re: How to create a secure login

Post by Occultist on August 9th 2019, 7:57 pm

I personally had about 3 forumotion forums over about 5 years. When I started I didn't know anything about how forums and websites in general work. My first forum was a complete failure. For me, forumotion was a pretty good learning ground. I went from not knowing anything to being a pretty good web developer. The second forum that I had gained a bit of popularity, but nothing significant. I ended up closing it due to personal problems. The third one is in development right now. Very Happy

I took a look at what proboards has to offer and, on the overall, they are quite similar. They both allow you to edit your templates and css. Proboards seems to have better code structure but there are a couple issues that I noticed there as well. They both have a chatbox option. The one on proboards seems a bit slow. The one on forumotion is quite a pain as well.

On forumotion there is a thing called the "Javascript management" section. This basically allows one to easily use javascript on their forum. You can create quite a lot of things this way.

On proboards, the counterpart to the JS Management is called Plugins. From what I can tell they are largely the same thing, except for one part. Proboards allows you to indirectly use a database, which is quite significant, especially if you have some knowledge to use it. They allow you to create your own plugin, but I couldn't find any tutorial on how to actually do that.

Talking about speed, a default forum on proboards loads in 1.9s. Note that ads seem to be disabled at the start. I would imagine that they get enabled as you gain more activity. A default forumotion forum with ads loads in 3.2s, but has way worse code structure than proboards seems to have. If the proboards forum had ads enabled, it would probably load in around 3-4s.
As I was writing this I discovered that I had an older forum on proboards. It does display ads. I did a speed test and it loads in 5.4s. That's pretty bad.

I personally don't know much about proboards except for what I could see by looking around the proboards admin panel for 10 minutes. The best thing would probably be to see if we can find someone that extensively used both platforms. I may experiment a little more with proboards.

Whatever your choice may be, good luck!

@brandon_g, the only data that is encrypted in the database is the password. Everything else is stored as plain text. Without a ssl certificate, the data that goes between the device that accesses the website(your laptop, phone, tablet etc.) and the server is transmitted as plaintext. That is not secure. In certain cases, one can gain access to that data. That won't normally happen to a forum, but https is basically a standard in 2019.


Last edited by Occultist on August 9th 2019, 8:00 pm; edited 1 time in total (Reason for editing : Grammar)
Occultist
Occultist
Forumember

Posts : 181
Reputation : 48
Language : English and couple others

https://idonthaveaforum.forumotion.com

Back to top Go down

In progress Re: How to create a secure login

Post by brandon_g on August 9th 2019, 9:11 pm

I understand how https works, I was simply explaining that the data in the database itself is secure and encrypted.


How to create a secure login Brando10
Remember to mark your topic How to create a secure login Solved15 when a solution is found.
brandon_g
brandon_g
Manager
Manager

Male Posts : 8706
Reputation : 781
Language : English
Location : USA

https://www.broadcastingduo.com

Back to top Go down

In progress Re: How to create a secure login

Post by Occultist on August 9th 2019, 9:58 pm

@brandon_g The data is obviously safe in the database, but just because you're safe at work and at home, doesn't mean you won't be kidnapped on your way from one place to the another.
Occultist
Occultist
Forumember

Posts : 181
Reputation : 48
Language : English and couple others

https://idonthaveaforum.forumotion.com

Back to top Go down

In progress Re: How to create a secure login

Post by MRAC on August 9th 2019, 10:15 pm

Thank you Occultist, for putting the time in, and sharing your knowledge.

I am still finalising the primary document that will cause people to visit the forum.
When it goes out, it must contain the forum link How to create a secure login 1f625

In the meantime, we'll see what others may have to say.
MRAC
MRAC
New Member

Posts : 5
Reputation : 1

Back to top Go down

In progress Re: How to create a secure login

Post by SLGray on August 10th 2019, 12:22 am

This is not the place to have a debate about different forum providers.


How to create a secure login Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 46802
Reputation : 3278
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

In progress Re: How to create a secure login

Post by MRAC on August 10th 2019, 2:33 am

Ha!
This is true.
Threads always have a tendancy to run off topic Smile
MRAC
MRAC
New Member

Posts : 5
Reputation : 1

Back to top Go down

In progress Re: How to create a secure login

Post by SLGray on August 10th 2019, 2:48 am

Is the issue/question in the first post solved/answered?


How to create a secure login Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 46802
Reputation : 3278
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum