Monday, April 15, 2013

Web hosting can complicate password management, use of https

Here’s another security anomaly.  A certain site, in Windows 8, if you enter the domain name into Google Chrome, takes you to the account manager page for the site under https for sign up, rather than the content page, because of the way it is set up by the ISP.  Also, with a password change, the password verifications internal to the site work immediately, but the basic sign on doesn’t take effect for 24 hours. 

Windows 7 (or Mac OS - Safari) doesn't seem to behave this way. Nor does Firefox or IE even in Windows 8. Just Chrome.
If the original site doesn’t have any user logon capability, then it really doesn’t need https, and there is no need for the browser to presume it (unless there is concern that someone could monitor the visitor’s surfing habits, but that’s a whole different area, “do not track”).  

No comments: