
Turns All Year - Unsecure

9 years 9 months ago #226881 by BrianT
Turns All Year - Unsecure was created by BrianT
I'm starting a new topic from the "Silas hacked" topic. I just want to make sure Marcus and all people who use this site know that their data (usernames/passwords) is not safe when logging in.

If you are using this site, I'd recommend that you change your passwords on any other site you use to be something other than this password used here. Let me show you why.

The first pic attached (login.png) shows you the login page. While your password is 'masked' here, and looks secure, when you make the actual login request to TAY, it's sent over unencrypted HTTP traffic and the data is actually stored in the POST body of the request.

This means that if anyone reviewed this packet being sent to TAY, they could see your username/password as nothing is encrypted. So, if you're using the same username/password that you use when you bank, I'd highly recommend changing it.

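To make the first post's point concrete, here is an added example (not from the original thread and not TAY's code) of what an on-path observer gets from a login form that posts over plain HTTP, plus the check a site owner can run on the page itself. The captured request, the host name, and the field names (username, password) are constructed for illustration and are assumptions, not TAY's real values.

```python
"""Credentials in a cleartext HTTP POST: what a sniffer sees, and how to spot
the problem from the HTML before anyone sniffs it.  Added example; all sample
data below is constructed."""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed packet payload, as tcpdump/Wireshark would present it after TCP
# reassembly.  Nothing here is encrypted, so the body is readable as-is.
CAPTURED_LOGIN_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example-forum.test\r\n"          # assumed host, not TAY
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 52\r\n"
    b"\r\n"
    b"username=skier42&password=Pow%21Day2015&remember=yes"
)

# Constructed login page.  A relative action inherits the page's scheme, so
# this form is only safe if the page itself was served over https.
LOGIN_PAGE_HTML = (
    '<form action="/login" method="post">'
    '<input name="username"><input type="password" name="password">'
    '<input type="submit" value="Log in"></form>'
)


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return method, target, headers, body[:length]


def credentials_from_capture(raw: bytes,
                             user_fields=("username", "user", "login", "email"),
                             pass_fields=("password", "passwd", "pass")):
    """Return {host, path, username, password} if `raw` is a form login POST,
    else None.  This is exactly what a passive observer on the path can do."""
    method, target, headers, body = parse_http_request(raw)
    if method != "POST":
        return None
    ctype = headers.get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return None
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    user = next((fields[f][0] for f in user_fields if f in fields), None)
    pw = next((fields[f][0] for f in pass_fields if f in fields), None)
    if user is None or pw is None:
        return None
    return {"host": headers.get("host"), "path": target,
            "username": user, "password": pw}


class _PasswordFormFinder(HTMLParser):
    """Collect the action attribute of every <form> containing a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self._action = None
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
            self._has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._has_password:
            self.actions.append(self._action)
            self._action = None


def login_forms_without_tls(page_url: str, html: str):
    """Resolve each password form's action against the page URL and return
    the ones that would submit credentials over plain http."""
    finder = _PasswordFormFinder()
    finder.feed(html)
    insecure = []
    for action in finder.actions:
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            insecure.append(target)
    return insecure


if __name__ == "__main__":
    print("observer recovers:", credentials_from_capture(CAPTURED_LOGIN_POST))
    print("forms posting over http:",
          login_forms_without_tls("http://www.example-forum.test/", LOGIN_PAGE_HTML))
    print("same page over https:",
          login_forms_without_tls("https://www.example-forum.test/", LOGIN_PAGE_HTML))
```

The form check is the part worth keeping around: with the page and the form action both on https, `login_forms_without_tls` returns an empty list, which is the state Charlie asks for later in the thread. Masking the password in the browser does nothing for the wire; only TLS does.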

9 years 9 months ago #226883 by BrianT
Replied by BrianT on topic Re: Turns All Year - Unsecure
After pointing this out, could we look at using something like FB/Google/Amazon integration with our logins so that no username/password has to be passed along or stored on the site?


9 years 9 months ago #226884 by Charlie Hagedorn
Replied by Charlie Hagedorn on topic Re: Turns All Year - Unsecure
I admired TAY's timelessness; ceding our identities to a third party for authentication would be a bummer.

HTTPS, however, would be awesome.


9 years 9 months ago #226885 by BrianT
Replied by BrianT on topic Re: Turns All Year - Unsecure

Charlie Hagedorn wrote:
> I admired TAY's timelessness; ceding our identities to a third party for authentication would be a bummer.
>
> HTTPS, however, would be awesome.

Just curious as to why it would be a bummer? Most if not all of us are already members of FB/Amazon/G+, so why not let them deal with the authentication part of this? We could still keep our own usernames/etc., we just wouldn't have to have TAY handle the PW auth, and hashing/salting the PW in the back-end DB. Less overhead, and it's a hell of a lot more secure than doing it yourself, as the sessions are all handled by encrypted cookie tokens.

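The post above treats "hashing/salting the PW in the back-end DB" as the overhead a site takes on if it keeps its own logins. For readers weighing that trade-off, here is an added example (not from the thread and not TAY's code) of what that work actually looks like when done correctly: a per-user random salt, a memory-hard KDF, a constant-time comparison, and a way to tighten parameters later without forcing resets. The record format and parameter values are this example's own choices, not any particular forum software's.

```python
"""Salted password storage and verification with scrypt.  Added example; the
record layout 'scrypt$n$r$p$salt$hash' is an assumption made for this demo."""
import base64
import hashlib
import hmac
import os

# Current cost parameters.  Raise these over time; needs_rehash() will flag
# records stored under weaker settings so they can be upgraded at next login.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, HASH_BYTES = 16, 32


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))


def hash_password(password: str, *, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P) -> str:
    """Return a self-describing record: algorithm, cost params, salt and hash.
    A fresh random salt per user means identical passwords get different
    records, and an attacker cannot precompute one table for the whole DB."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=n, r=r, p=p, dklen=HASH_BYTES)
    return "$".join(["scrypt", str(n), str(r), str(p), _b64(salt), _b64(digest)])


def verify_password(password: str, record: str) -> bool:
    """True if `password` matches `record`.  Malformed records and wrong
    passwords both yield False rather than an exception, so a corrupted row
    cannot be turned into an error-based oracle."""
    try:
        algo, n, r, p, salt_b64, hash_b64 = record.split("$")
        if algo != "scrypt":
            return False
        expected = _unb64(hash_b64)
        digest = hashlib.scrypt(password.encode("utf-8"), salt=_unb64(salt_b64),
                                n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False
    # compare_digest runs in time independent of where the first mismatch is.
    return hmac.compare_digest(digest, expected)


def needs_rehash(record: str) -> bool:
    """True if the record was created with weaker parameters than we use now."""
    try:
        algo, n, r, p, _salt, _hash = record.split("$")
    except ValueError:
        return True
    return algo != "scrypt" or (int(n), int(r), int(p)) < (SCRYPT_N, SCRYPT_R, SCRYPT_P)


def login(stored: dict, username: str, password: str) -> bool:
    """Check a login against an in-memory user table (constructed stand-in for
    the DB) and transparently upgrade old records on success."""
    record = stored.get(username)
    if record is None:
        # Still burn a hash so unknown and known usernames take similar time.
        hash_password(password)
        return False
    if not verify_password(password, record):
        return False
    if needs_rehash(record):
        stored[username] = hash_password(password)
    return True


if __name__ == "__main__":
    users = {"skier42": hash_password("Pow!Day2015")}      # constructed user
    print(users["skier42"])
    print("right password:", login(users, "skier42", "Pow!Day2015"))
    print("wrong password:", login(users, "skier42", "Pow!Day2016"))
    print("unknown user:  ", login(users, "nobody", "x"))
```

This is the piece a site keeps even if it later adds third-party login as an option, and it is the piece HTTPS does not replace: TLS protects the password in transit, the salted hash protects it if the database leaks, and the thread's "Silas hacked" worry needs both.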

9 years 9 months ago #226915 by Charlie Hagedorn
Replied by Charlie Hagedorn on topic Re: Turns All Year - Unsecure
Saw a friend on a streetcorner tonight, and among the first things he had to say was, "I need to talk with you about FB auth on TAY", so I'd better respond :).

In short, it's absolutely easier for a webmaster to defer authentication over to a social network, ad-network/search engine, or department store. It'll work well and be both very secure and continuously updated.

I'm just uncomfortable making a third-party company a gatekeeper for our community. If one day one of those companies decides to freeze a TAYer's account, for any reason, then they'd no longer be able to log in to TAY. That'd be a bummer.


9 years 9 months ago #226917 by flowing alpy
Replied by flowing alpy on topic Re: Turns All Year - Unsecure
I got 2 cyber accounts, here and the mothership. But really I'm just around to find out where the 3rd party is at. Plus, Silas is skiing fine.
