This site lacks HTTPS encryption, not secure!
Posted: May 30th, 2019, 4:57 pm
homebuiltrovs.com lacks HTTPS (aka TLS) encryption. Take a look at the web address. It starts with http. No "s" at the end. This means that every time anyone logs in, their password is sent over the internet unencrypted, in plain text. This means that someone could conceptually steal your password. In order to steal your password the attacker would have to be on the same network as you. For example, if you were accessing this site via communal wifi at a coffee shop or via cell service.
My recommendation for the site owner Steve- Upgrade the login page to HTTPS as soon as possible. Upgrade the entire site to HTTPS eventually.
My recommendation to users of this site- Use a unique password that you do not use for any other website. You should be ok with this password being stolen. Do not log into homebuiltrovs.com on a public wifi network of via your cell phone.
Sorry for being the bearer of bad news but I believe the security of this site is important and I wanted to raise the issue!
My recommendation for the site owner Steve- Upgrade the login page to HTTPS as soon as possible. Upgrade the entire site to HTTPS eventually.
My recommendation to users of this site- Use a unique password that you do not use for any other website. You should be ok with this password being stolen. Do not log into homebuiltrovs.com on a public wifi network of via your cell phone.
Sorry for being the bearer of bad news but I believe the security of this site is important and I wanted to raise the issue!