[Dshield] Banks Shifting Logins to Non-SSL Pages

Cefiar cef at optus.net
Wed Aug 24 01:37:06 GMT 2005


On Tuesday 23 August 2005 23:35, Fergie (Paul Ferguson) wrote:
> After years of training customers to trust only SSL-enabled sites, banks
> are shifting their online banking logins to the unencrypted home pages of
> their websites. Although the data is encrypted once the user hits the "Sign
> In" button, the practice runs counter to years of customer conditioning, as
> well as the goals of the browser makers.

This could be easily taken care of by providing a LINK to an SSL-only login 
page on their normal home page, even in tandem with the method described in 
the article. This allows the user to bookmark the page directly (if 
necessary) so that they can go straight to the login page and bypass the home 
page. Of course, this means that the user then has a way of skipping all that 
beautiful (*sic*) advertising the bank has for all its new services. All 
this extra content is the main problem, and in fact is the main reason for 
the extra load on SSL-enabled pages in the first place.

-- 
 Stuart Young - aka Cefiar - cef at optus.net

