Risking Security by Not Securing the Login Forms

Every day we visit many websites to check our e-mail, shop, trade and so on. How many times do we check the legitimacy of those websites? Generally, a website showing “https:” and a green padlock is considered safe and trustworthy. An SSL certificate provides this type of security and boosts the trust of the customers visiting your website.












Most online business owners think that only the online transaction needs to be protected, and hence depend on trusted payment gateways and processors. Securing your whole website with SSL but not the login form is also an open invitation to intruders.

However, many websites, even the most trusted ones, fail at the smallest point when it comes to thorough security. Some famous online brands that place customers’ credentials at risk are listed below:



GoDaddy, one of the most trusted Certificate Authorities and the largest domain and hosting provider, wants you to trust its non-secured login form.



Namecheap.com, another big name among domain, hosting and SSL certificate providers, provides no security for your logon process. Just visit the home page and try to log in with your account: it takes the login information on a non-secure page and lands you on a secure page after you successfully log in to your account. However, this does not ensure the security of the credentials provided by the user and makes them vulnerable to attacks like man-in-the-middle attacks. An intruder can easily intercept the data transmitted by accessing the domains of your DNS requests, or can corrupt the machine's hosts file.

Risks associated with unsecured login form

If you are trapped on an already compromised Wi-Fi connection, chances are that an attacker will change the destination of the submitted form (as in phishing) and capture the username and password.

In addition, a person who is very conscious about security will opt not to deal with your website or not to avail of your services.

How can you assure the security of the login form?

  • Secure the login form with an SSL certificate separately, or shift the login page to a different domain which is already secure.
  • Never just iframe the https form.
  • Enable htaccess to enforce the login pages to be https.
  • Best option – secure your whole website with an SSL certificate.
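
One way to check a page against the points above, as an added example that is not part of the original article: a small auditor that flags password forms served or submitted over plain HTTP, and HTTPS login frames embedded in an HTTP page. The host `shop.example`, the finding names and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def is_https(url):
    return urlparse(url).scheme == "https"

class LoginFormAuditor(HTMLParser):
    """Flag password forms and framed login pages exposed to plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action posts back to the page itself.
            action = urljoin(self.page_url, a.get("action") or "")
            self._form = {"action": action, "password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True
        elif tag == "iframe" and not is_https(self.page_url):
            src = urljoin(self.page_url, a.get("src") or "")
            if is_https(src):
                # The HTTP parent can be rewritten in transit to frame another URL.
                self.findings.append(("https-iframe-on-http-page", src))

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["password"]:
                if not is_https(self.page_url):
                    self.findings.append(("login-form-served-over-http", self.page_url))
                if not is_https(self._form["action"]):
                    self.findings.append(("credentials-posted-over-http", self._form["action"]))
            self._form = None

def audit(page_url, html):
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample pages (hypothetical host shop.example).
HTTP_PAGE = '<form action="https://shop.example/login"><input type="password" name="p"></form>'
FRAMED = '<iframe src="https://secure.shop.example/login"></iframe>'
HTTPS_PAGE = '<form action="/login" method="post"><input type="password" name="p"></form>'

if __name__ == "__main__":
    print(audit("http://shop.example/", HTTP_PAGE))
    print(audit("http://shop.example/", FRAMED))
    print(audit("https://shop.example/", HTTPS_PAGE))
```

The first sample mirrors the case described earlier: the form posts to an HTTPS address, yet it is still flagged because the page that delivers it is plain HTTP.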

The login form is the medium through which customers contact you, placing their trust in your website and expecting the same in return. It is your responsibility to secure the login form, as it becomes the easiest way for hackers to steal the user’s personal information.

About Author:

Peggy is the sales and marketing head at theSSLshop, a leading SSL certificate provider. She has over 7 years of experience working with security product sellers and recommends a RapidSSL certificate if you are looking for a low-cost security solution. She has published numerous articles on SSL certificates and security products.








