iRisking Security by Not Securing the Login Forms

Daily we visit many websites
for checking our e-mails, shopping, trading etc. How many times do we check for
the legitimacy of those websites? Generally, the website having “https:” and a
green padlock is considering a safe and trustworthy. SSL certificate provides
such type of security and boosts up the trust of the customers visiting your

Most of the online business
owners think that it is only the online transaction that needs to be protected
and hence depends on the trusted payment gateways and processors. Securing your
whole website with SSL and not the login form is also an open invitation to the

However, many websites even
the most trusted ones, fails at the smallest point when it comes to the
thorough security. Some famous online brands listed below which places the
customer’s credentials at risk:

GoDaddy, one of the most trusted Certificate Authority
and largest domain and host provider wants you trust its non-secured login

Namecheap.com, another big name as domain, hosting and
SSL certificate providers, provides no security for your logon process. Just
visit home page and try to login with your account, it will get login
information on non-secure page and will land you on secure page after
successfully login to your account. However, this does not ensures the security
of the credentials provided by the user and makes it vulnerable to attacks like
man-in-the-middle-attack. An intruder can easily intercept the data transmitted
by accessing the domains of your DNS requests or can corrupt the machines host
associated with unsecured login form

If you will trapped in an already compromised Wi-Fi connection
then chances are that an attacker will change the destination of the arrival of
the submitted form (like phishing) and will trace the username and password.

In addition, if there is a person who is very much
conscious about the security will opt not to deal with your website or not
avail the services from you.

can you assure the security of the login form?

  • ·        
    Secure the login form with SSL certificate
    separately or shift the login page to a different domain,      which is already
  • ·        
    Never just iframe the https form.
  • ·        
    Enable htaccess to enforce the login pages
    to be https.
  • ·        
    Best option – secure your whole website with
    SSL certificate.

Login form is the medium through which customers contacts
you keeping the trust on your website and expects the same in return. It is
your responsibility to secure the login form, as it becomes the easiest way for
hackers to steal the user’s personal information.

About Author:

Peggy is sales and marketing head at theSSLshop, a
leading SSL certificate provider. She is having over 7 years of experience
working with security product sellers and recommend RapidSSL certificate if you are looking for
low cost security solution
She has published numerous articles on SSL certificate and security products. 

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...