 |
|
eQSL.cc Home
Search
Login
Authors
Recent Posts| »Forums Index »Suggestions »General web site suggestions »Secure Login | 
|
| Author | Topic: Secure Login (5 messages, Page 1 of 1) |
 N2MH/M Mark Herson Posts: 2 Joined: Mar 24, 2002  |
Posted: Dec 29, 2005 07:53 PM
Msg. 1 of 5
Are there any plans to support a secure login into eQSL? Of course, the security conscious LoTW had it from day 1 but I notice that Yahoo now defaults to a secure login with an option for normal login. This is new and directly opposite what they have had all along.
73, Mark, N2MH N2MH/M Mark Herson |
|
N5UP Dave Morris Posts: 132 Joined: Apr 3, 2000 
Founder and Webmaster |
Posted: Dec 31, 2005 02:16 PM
Msg. 2 of 5
By Secure Login I presume you mean one using SSL encryption. I think the reason Yahoo is changing is that nobody seems to have ever gone to the trouble to try to hack into the Internet in such a way as to intercept logins. It would be so difficult to do that I can't imagine anybody going to that trouble to hack into a QSL card site. If someone wanted in that badly, they would be better off just using that same time to create their own DXCC certificate with PhotoShop. And avoid the possibility of an FBI or NSA sting.
Of course, that's just my opinion... I could be wrong! 73, Dave Morris, N5UP |
|
N2MH/M Mark Herson Posts: 2 Joined: Mar 24, 2002 |
Posted: Dec 31, 2005 07:03 PM
Msg. 3 of 5
Hi Dave,
Yes, I do mean SSL encryption. However, the issue is not so much hacking into a QSL site. These days, so many sites need logins and passwords that people lose track of which site needs which combination. Thus, they simplify things and use the same login/password for everything. Therefore, a login/password combination from someone logging into eQSL could be captured and used on a more interesting (or lucrative) site which already uses SSL and would not normally be visible. This scenario and how easily it could be done could produce a lengthy debate. At the end of the day though, if someone asked you nicely, would you do it? :-) 73, Mark, N2MH N2MH/M Mark Herson |
|
N5UP Dave Morris Posts: 132 Joined: Apr 3, 2000
Founder and Webmaster |
Posted: Jan 1, 2006 09:28 AM
Msg. 4 of 5
We would have to implement an SSL certificate. We had one once, but the certificate authorities want a lot of money for them, and they want them renewed every year, and we saw no use for it. All our eCommerce is currently done by third party sites (PayPal, Verisign, PayByCheck) that have their own SSL encryption.
But yes I would consider doing it. I think the first thing would be to get everybody to switch to a more secure password. You wouldn't believe some of the bad passwords people are using. Of course, that's just my opinion... I could be wrong! 73, Dave Morris, N5UP |
|
W6GMT BROCK THOMSEN Posts: 10 Joined: Oct 16, 2004  |
Posted: Jan 1, 2006 01:38 PM
Msg. 5 of 5
Lets just keep the password system just like it is, The Lotow is over kill. It is not the responsibility of the web master to protect you from yourself. If you use the same password for EQSL and your bank that is your problem.
W6GMT BROCK THOMSEN |
|
|