iRisking Security by Not Securing the Login Forms

Daily we visit many websites
for checking our e-mails, shopping, trading etc. How many times do we check for
the legitimacy of those websites? Generally, the website having “https:” and a
green padlock is considering a safe and trustworthy. SSL certificate provides
such type of security and boosts up the trust of the customers visiting your
website.












Most of the online business
owners think that it is only the online transaction that needs to be protected
and hence depends on the trusted payment gateways and processors. Securing your
whole website with SSL and not the login form is also an open invitation to the
intruders.

However, many websites even
the most trusted ones, fails at the smallest point when it comes to the
thorough security. Some famous online brands listed below which places the
customer’s credentials at risk:



GoDaddy, one of the most trusted Certificate Authority
and largest domain and host provider wants you trust its non-secured login
form.



Namecheap.com, another big name as domain, hosting and
SSL certificate providers, provides no security for your logon process. Just
visit home page and try to login with your account, it will get login
information on non-secure page and will land you on secure page after
successfully login to your account. However, this does not ensures the security
of the credentials provided by the user and makes it vulnerable to attacks like
man-in-the-middle-attack. An intruder can easily intercept the data transmitted
by accessing the domains of your DNS requests or can corrupt the machines host
file.
Risks
associated with unsecured login form

If you will trapped in an already compromised Wi-Fi connection
then chances are that an attacker will change the destination of the arrival of
the submitted form (like phishing) and will trace the username and password.

In addition, if there is a person who is very much
conscious about the security will opt not to deal with your website or not
avail the services from you.

How
can you assure the security of the login form?

  • ·        
    Secure the login form with SSL certificate
    separately or shift the login page to a different domain,      which is already
    secure.
  • ·        
    Never just iframe the https form.
  • ·        
    Enable htaccess to enforce the login pages
    to be https.
  • ·        
    Best option – secure your whole website with
    SSL certificate.

Login form is the medium through which customers contacts
you keeping the trust on your website and expects the same in return. It is
your responsibility to secure the login form, as it becomes the easiest way for
hackers to steal the user’s personal information.

About Author:

Peggy is sales and marketing head at theSSLshop, a
leading SSL certificate provider. She is having over 7 years of experience
working with security product sellers and recommend RapidSSL certificate if you are looking for
low cost security solution
.
She has published numerous articles on SSL certificate and security products. 









Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Become an Expert in Ethical Hacking

This article is mainly addressing the audience who wants to pursue their career in Cybersecurity as a professional that provides ethical hacking services, whether...

5 Cybersecurity Tips to Keep in Mind When Working From Home

  Due to the ongoing global health crisis, more and more people are being forced to work from their homes. In fact, Forbes estimates that about...

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...