Re: Sign-In
Re: Sign-In
There should be an option to sign-in with FPL number or email, rather than by email only.
Re: Sign-In
I think that sign in by email only is more secure. We all know what exchanges FPL uses, so brute force password attack is easier to perform. Don't even think they lock out your account after X amount of wrong log in attempts.
Besides, I may have logged in 3 times in 2 years.
A secured log in (SSL) is what I would like to see.
Besides, I may have logged in 3 times in 2 years.
A secured log in (SSL) is what I would like to see.
-
- *Go-To Guy*
- Posts: 532
- Joined: 08/06/2010
- SIP Device Name: Grandstream HT-502
- Firmware Version: 1.0.1.63
- ISP Name: DSL TekSavvy
- Computer OS: OSX Snow Leopard
- Router: Linksys WRT54GL w/tomato
Re: Sign-In
+1, bump, me too, etc. This is really dangerous and takes all but 10 minutes to add to any webserver. Slap a 30$ certificate on it and you're good to go with time to spare.zombie999 wrote:A secured log in (SSL) is what I would like to see.
-
- Lightly Seasoned
- Posts: 151
- Joined: 06/09/2010
- SIP Device Name: SPA3102
- Firmware Version: 5.2.13(GW002)
- ISP Name: Start Communications (off Cogeco)
- Computer OS: 8
- Router: TP-Link TL-WR1043ND (DD-WRT)
Re: Sign-In
Where do you get the cert for $30? The lowest I've seen is from ev1servers.net and it's $49 USlaurent wrote:+1, bump, me too, etc. This is really dangerous and takes all but 10 minutes to add to any webserver. Slap a 30$ certificate on it and you're good to go with time to spare.zombie999 wrote:A secured log in (SSL) is what I would like to see.
I'm interested as I sometimes need to buy one for my work or other purposes.
Adam Marshall
AJ Tek
AJ Tek
-
- *Go-To Guy*
- Posts: 532
- Joined: 08/06/2010
- SIP Device Name: Grandstream HT-502
- Firmware Version: 1.0.1.63
- ISP Name: DSL TekSavvy
- Computer OS: OSX Snow Leopard
- Router: Linksys WRT54GL w/tomato
Re: Sign-In
Well that's weird. Not 5 days ago I was telling one of my clients that his godaddy SSL certificates were 30$ per year for renewals (i think it was 50$ first year and then 30$ all subsequent years).OverDrive wrote:Where do you get the cert for $30? The lowest I've seen is from ev1servers.net and it's $49 US
I'm interested as I sometimes need to buy one for my work or other purposes.
I just logged back in my account and all renewals are 50$ per year. That's strange, I'm really quite certain I saw 29,99$ per year for 2+ years.
Perhaps it was a rotating promo on the website and now it's gone, who knows.
Re: Sign-In
Here > http://gan.doubleclick.net/gan_click?li ... 0000317569OverDrive wrote:Where do you get the cert for $30? The lowest I've seen is from ev1servers.net and it's $49 USlaurent wrote:+1, bump, me too, etc. This is really dangerous and takes all but 10 minutes to add to any webserver. Slap a 30$ certificate on it and you're good to go with time to spare.zombie999 wrote:A secured log in (SSL) is what I would like to see.
I'm interested as I sometimes need to buy one for my work or other purposes.
That link should give you a SSL certificate for $12.99 a year. (only when you order though, so add as many years as you will need or you won't get it for the same price next year.) The offer should be in a goldish box, top left. Add it to the cart and the discount is applied at checkout.
Re: Sign-In
I'm pretty sure FPL could afford $50/year.
-
- *Go-To Guy*
- Posts: 532
- Joined: 08/06/2010
- SIP Device Name: Grandstream HT-502
- Firmware Version: 1.0.1.63
- ISP Name: DSL TekSavvy
- Computer OS: OSX Snow Leopard
- Router: Linksys WRT54GL w/tomato
Re: Sign-In
Heck, I'd even accept a self-signed certificate over no encryption at all.
- FONGO_kris
- Site Moderator
- Posts: 1937
- Joined: 05/06/2009
- SIP Device Name: Polycom 550 IP Phone
- Firmware Version: 4.2.0.0310
- ISP Name: Rogers Cable
- Computer OS: Ubuntu 11.10
- Router: Cisco E1200-N
- Smartphone Model: Samsung Galaxy S2
- Android Version: 4.0.3
- Location: Cambridge, Ontario, Canada
- Contact:
Re: Re: Sign-In
The main reason for having not done this as of yet, is our unwillingness to break functionality as users become confused by seeing a (gasp) ssl page. I think that eventually there's going to be one ssl page, but not that all of the domains share (ie. anything.freephoneline.ca/anything all being secured). This of course is my best guess as there has been no further word on the topic for some time.
There has been some loose discussions of moving the customer login to a secured page, than having the front end advertising, rate lookups, etc.. on an unsecure page; however, none of this is finalized nor will it be in the next short while.
There has been some loose discussions of moving the customer login to a secured page, than having the front end advertising, rate lookups, etc.. on an unsecure page; however, none of this is finalized nor will it be in the next short while.
Kris
Logistics & International Purchasing | Fongo
Call us toll-free! 611 from your fongo phone or 1-855-836-3355
Please advise I will no longer be contributing to this forum for the time being. Please feel free to email me.
-----------------------------------------------------------------------------------------------------------------------------------------------
Samsung Galaxy S2 [GT-I9100] / 3.0.15-I9100XXLPH / Thebyani v3.2
Logistics & International Purchasing | Fongo
Call us toll-free! 611 from your fongo phone or 1-855-836-3355
Please advise I will no longer be contributing to this forum for the time being. Please feel free to email me.
-----------------------------------------------------------------------------------------------------------------------------------------------
Samsung Galaxy S2 [GT-I9100] / 3.0.15-I9100XXLPH / Thebyani v3.2
-
- *Go-To Guy*
- Posts: 532
- Joined: 08/06/2010
- SIP Device Name: Grandstream HT-502
- Firmware Version: 1.0.1.63
- ISP Name: DSL TekSavvy
- Computer OS: OSX Snow Leopard
- Router: Linksys WRT54GL w/tomato
Re: Sign-In
There won't be confusion when pushing SSL if you're using a certificate from the big guys because it's transparent. People go from normal to SSL on many sites and it's fine. What's confusing is when you use a self-signed certificate. Firefox has quite the scary warning and IE8 makes it hard to click the continue button.
It's all extremely easy to do. From the technical side, there's no excuse not to at least offer it optionally.
There's a lot of private data on this web page, my home personal address, phone numbers, and call logs for every one that called me or that I have called.
I really, really would like to stress out the importance of plugging this enormous security hole. I really do love and enjoy the FreePhoneLine service as you can probably see from my participation in this forum, but honestly, you're way past the "experimental/beta" stages now. The web site with our private data ought to be secure.
It's all extremely easy to do. From the technical side, there's no excuse not to at least offer it optionally.
There's a lot of private data on this web page, my home personal address, phone numbers, and call logs for every one that called me or that I have called.
I really, really would like to stress out the importance of plugging this enormous security hole. I really do love and enjoy the FreePhoneLine service as you can probably see from my participation in this forum, but honestly, you're way past the "experimental/beta" stages now. The web site with our private data ought to be secure.
-
- Lightly Seasoned
- Posts: 227
- Joined: 04/06/2010
- SIP Device Name: Double-NAT PAP2T-NA
- Firmware Version: 5.1.6 (LS)
- ISP Name: Rogers Express with SB5101
- Computer OS: Win7 32-bit for DV softphone
- Router: WNR3500L behind DIR-615C1
- Location: Brampton, ON
Re: Sign-In
laurent wrote:There won't be confusion when pushing SSL if you're using a certificate from the big guys because it's transparent. People go from normal to SSL on many sites and it's fine. What's confusing is when you use a self-signed certificate. Firefox has quite the scary warning and IE8 makes it hard to click the continue button.
It's all extremely easy to do. From the technical side, there's no excuse not to at least offer it optionally.
There's a lot of private data on this web page, my home personal address, phone numbers, and call logs for every one that called me or that I have called.
I really, really would like to stress out the importance of plugging this enormous security hole. I really do love and enjoy the FreePhoneLine service as you can probably see from my participation in this forum, but honestly, you're way past the "experimental/beta" stages now. The web site with our private data ought to be secure.
Well said. +1
.
You agree to read my posts at your own risk.
You agree to read my posts at your own risk.
- Funkytown
- Technical Support
- Posts: 460
- Joined: 04/01/2010
- SIP Device Name: Cisco SPA112
- Firmware Version: 1.4.1 (SR5) Oct 14 2
- ISP Name: Cik Telecom
- Computer OS: Windows 10
- Router: Zyxel EMG2926
- Smartphone Model: LG G8 Thinq
- Android Version: Android Q
Re: Sign-In
I have to fully agree with Laurent Well said and thanks for talking about the importance for all of us here.