Re: Sign-In

[Pirate]

There should be an option to sign-in with FPL number or email, rather than by email only.

[zombie999]

I think that sign in by email only is more secure. We all know what exchanges FPL uses, so brute force password attack is easier to perform. Don't even think they lock out your account after X amount of wrong log in attempts.

Besides, I may have logged in 3 times in 2 years.

A secured log in (SSL) is what I would like to see.

[laurent]

A secured log in (SSL) is what I would like to see.

+1, bump, me too, etc. This is really dangerous and takes all but 10 minutes to add to any webserver. Slap a 30$ certificate on it and you're good to go with time to spare.

[OverDrive]

A secured log in (SSL) is what I would like to see.

+1, bump, me too, etc. This is really dangerous and takes all but 10 minutes to add to any webserver. Slap a 30$ certificate on it and you're good to go with time to spare.

Where do you get the cert for $30? The lowest I've seen is from ev1servers.net and it's $49 US

I'm interested as I sometimes need to buy one for my work or other purposes.

[laurent]

Where do you get the cert for $30? The lowest I've seen is from ev1servers.net and it's $49 US

I'm interested as I sometimes need to buy one for my work or other purposes.

Well that's weird. Not 5 days ago I was telling one of my clients that his godaddy SSL certificates were 30$ per year for renewals (i think it was 50$ first year and then 30$ all subsequent years).

I just logged back in my account and all renewals are 50$ per year. That's strange, I'm really quite certain I saw 29,99$ per year for 2+ years.

Perhaps it was a rotating promo on the website and now it's gone, who knows.

[Jake]

A secured log in (SSL) is what I would like to see.

+1, bump, me too, etc. This is really dangerous and takes all but 10 minutes to add to any webserver. Slap a 30$ certificate on it and you're good to go with time to spare.

Where do you get the cert for $30? The lowest I've seen is from ev1servers.net and it's $49 US

I'm interested as I sometimes need to buy one for my work or other purposes.

Here > http://gan.doubleclick.net/gan_click?li ... 0000317569

That link should give you a SSL certificate for $12.99 a year. (only when you order though, so add as many years as you will need or you won't get it for the same price next year.) The offer should be in a goldish box, top left. Add it to the cart and the discount is applied at checkout.

[zombie999]

I'm pretty sure FPL could afford $50/year.

[laurent]

Heck, I'd even accept a self-signed certificate over no encryption at all.

[FONGO_kris]

The main reason for having not done this as of yet, is our unwillingness to break functionality as users become confused by seeing a (gasp) ssl page. I think that eventually there's going to be one ssl page, but not that all of the domains share (ie. anything.freephoneline.ca/anything all being secured). This of course is my best guess as there has been no further word on the topic for some time.

There has been some loose discussions of moving the customer login to a secured page, than having the front end advertising, rate lookups, etc.. on an unsecure page; however, none of this is finalized nor will it be in the next short while.

[laurent]

There won't be confusion when pushing SSL if you're using a certificate from the big guys because it's transparent. People go from normal to SSL on many sites and it's fine. What's confusing is when you use a self-signed certificate. Firefox has quite the scary warning and IE8 makes it hard to click the continue button.

It's all extremely easy to do. From the technical side, there's no excuse not to at least offer it optionally.

There's a lot of private data on this web page, my home personal address, phone numbers, and call logs for every one that called me or that I have called.

I really, really would like to stress out the importance of plugging this enormous security hole. I really do love and enjoy the FreePhoneLine service as you can probably see from my participation in this forum, but honestly, you're way past the "experimental/beta" stages now. The web site with our private data ought to be secure.

[cu2o2o2]

There won't be confusion when pushing SSL if you're using a certificate from the big guys because it's transparent. People go from normal to SSL on many sites and it's fine. What's confusing is when you use a self-signed certificate. Firefox has quite the scary warning and IE8 makes it hard to click the continue button.

It's all extremely easy to do. From the technical side, there's no excuse not to at least offer it optionally.

There's a lot of private data on this web page, my home personal address, phone numbers, and call logs for every one that called me or that I have called.

I really, really would like to stress out the importance of plugging this enormous security hole. I really do love and enjoy the FreePhoneLine service as you can probably see from my participation in this forum, but honestly, you're way past the "experimental/beta" stages now. The web site with our private data ought to be secure.

Well said. +1

[Funkytown]

I have to fully agree with Laurent Well said and thanks for talking about the importance for all of us here.