It's just what the message reads. Your connection is sending your password in plaintext through the internet. So basically everybody along the path can read/steal it. That is not the biggest threat when you are at home, but rather when you use a third party network like your hotel's wifi, the airport's wifi, school or work computers or just some nerdy friends wifi while visiting him. Like mentioned, it's easier at home, but still kids/husband/wife free to get your password.not sure how long it's been this way, a week or more that I'm sure of, can you guys fix this, please?
View attachment 63362
If it makes you feel better, the Passwords are encrypted in the DBIt's just what the message reads. Your connection is sending your password in plaintext through the internet. So basically everybody along the path can read/steal it. That is not the biggest threat when you are at home, but rather when you use a third party network like your hotel's wifi, the airport's wifi, school or work computers or just some nerdy friends wifi while visiting him. Like mentioned, it's easier at home, but still kids/husband/wife free to get your password.
Adding SSL protects you from all of them. Thus browsers are pushing for it. It's a good thing. It's frankly easy to setup SSL nowadays and to protect your users at that front.
The real question you should ask yourself: What's my Stratics password worth? Do I use the same password somewhere else? (google, mail, skype, etc.). What's the impact if someone gets to know it? If they can only login to your Stratics with it, I would say you don't have to worry at all
Nah, I wouldn't be as half as worried about you guys than I would be about those randos in Hotels or other semi-public networksIf it makes you feel better, the Passwords are encrypted in the DB
It's not really an aversion.... part of it is every time it's been tried posts similar to this pop up and false claims, rumors, or general paranoia crop up and the result was having SSL Enabled was reversed. In this it is sort of the opposite instead of getting a notice that "portions" of the site weren't secure when Stratics was running SSL thanks to external links etc. Now you get them because we're not running SSL.Blame Google for making the internet a safer place
I don't see why Stratics has such aversion on SSL, but I've been into that discussion once too often.
But objectively there is a huge difference between "Sending all passwords/messages in cleartext over the network" and "getting an annoying little notification about external links not loading". I guess it comes down to what you really want. Do you want to do what you can to protect your users, or are you just trying to make the feel comfortable while they really are not. The argument you bring here is really "No matter what we do users will complain" while totally dismissing there is a huge difference in the both cases you pointed out.It's not really an aversion.... part of it is every time it's been tried posts similar to this pop up and false claims, rumors, or general paranoia crop up and the result was having SSL Enabled was reversed. In this it is sort of the opposite instead of getting a notice that "portions" of the site weren't secure when Stratics was running SSL thanks to external links etc. Now you get them because we're not running SSL.
I'm buying single site SSL for $100 a year, wildcard certificates for $200 a year. Since LetsEncrypt you even get single domain certificates for free, although I keep buying certificates when it comes to the things that earn my paycheck.Secondly cost, which was a consideration in the past as SSL Certificates until recently weren't exactly cheap, and to keep overhead down it wasn't considered a priority since any type of financial transaction (Subs and Donations) go through Paypal which is Secure. Not having one didn't pose any kind of limitations but that is changing, Apple, and Google are pushing SSL and other browsers and companies are following suit, we do plan to switch over to SSL and when we do like it or not people are going to have to accept it even with the notice that portions might not be secure thanks to still the external linked images etc.
Only when you are on those site of the internet where they use a single password for everything I hope you are not!OMG my stratics password "might" be vunrable. C'mon is this really an issue!?
Is there any new information yet on when you expect to switch to SSL?We are planning to switch to SSL soon, but even then any linked images from outside sources will cause it to say the same thing.