fpl.ca is not using a https for password, is this safe?

jackd
Just Passing Thru
Posts: 5
Joined: 05/26/2010
SIP Device Name: SPA-1001
Firmware Version: 2.0.1(659e)
ISP Name: TekSavvy, DSL

fpl.ca is not using a https for password, is this safe?

Post by jackd »

I've been using FPL for a while and loved it. But just today, I noticed that the website of FPL is not using https for the login session. And I always use public wireless (public library, 3G) to access and set the follow me setting. Is this safe?
BTW, can the SIP PW be changed easily, in case it's been exposed to hackers somehow?
laurent
*Go-To Guy*
Posts: 532
Joined: 08/06/2010
SIP Device Name: Grandstream HT-502
Firmware Version: 1.0.1.63
ISP Name: DSL TekSavvy
Computer OS: OSX Snow Leopard
Router: Linksys WRT54GL w/tomato

Re: fpl.ca is not using a https for password, is this safe?

Post by laurent »

No, it's not safe. Don't log in to FPL if you're on a network you do not trust.

It's been discussed here http://forum.freephoneline.ca/viewtopic ... 893#p10755

The password can only be changed by special request. PM the admins or call support.
jackd
Just Passing Thru
Posts: 5
Joined: 05/26/2010
SIP Device Name: SPA-1001
Firmware Version: 2.0.1(659e)
ISP Name: TekSavvy, DSL

Re: fpl.ca is not using a https for password, is this safe?

Post by jackd »

Thanks, have read your posts. Totally agree with you. All the info stored in here is important personal info, enough to cause identity theft issues, not to mention it's associated with direct access to your SIP settings. So a person can easily call from your number, along with all the address info. It's pretty scary.

An encrypted login session should be in place to prevent this kind of security issue. This should be regarded as a problem.
FONGO_kris
Site Moderator
Posts: 1937
Joined: 05/06/2009
SIP Device Name: Polycom 550 IP Phone
Firmware Version: 4.2.0.0310
ISP Name: Rogers Cable
Computer OS: Ubuntu 11.10
Router: Cisco E1200-N
Smartphone Model: Samsung Galaxy S2
Android Version: 4.0.3
Location: Cambridge, Ontario, Canada

Re: fpl.ca is not using a https for password, is this safe?

Post by FONGO_kris »

SSL encryption for customer login has to wait until we can separate it from the rest of the website, since we obviously do not want to enable SSL over the entire website, only the login section. This will require a bit of time and dedication on our programmers' part, as they'll have to redesign a login page which incorporates both the general customer login and the online purchasing page.

We will keep you updated with future developments, but currently the time needed is not available.
Kris
Logistics & International Purchasing | Fongo
Call us toll-free! 611 from your fongo phone or 1-855-836-3355
Please be advised that I will no longer be contributing to this forum for the time being. Please feel free to email me.
-----------------------------------------------------------------------------------------------------------------------------------------------
Samsung Galaxy S2 [GT-I9100] / 3.0.15-I9100XXLPH / Thebyani v3.2
zombie999
Lightly Seasoned
Posts: 190
Joined: 10/17/2009

Re: fpl.ca is not using a https for password, is this safe?

Post by zombie999 »

admin wrote: since we obviously do not want to enable SSL over the entire website, only the login section.
Why not? E.g. Vbuzzer has encryption on the whole site and no one is complaining about this. I hate them but at least they are doing that right from the beginning.

So is the password sent in plain text or as a one-way hash on the current FPL site?
laurent
*Go-To Guy*
Posts: 532
Joined: 08/06/2010
SIP Device Name: Grandstream HT-502
Firmware Version: 1.0.1.63
ISP Name: DSL TekSavvy
Computer OS: OSX Snow Leopard
Router: Linksys WRT54GL w/tomato

Re: fpl.ca is not using a https for password, is this safe?

Post by laurent »

zombie999 wrote: So is the password sent in plain text or as a one-way hash on the current FPL site?
100% pure old-fashioned genuine plaintext, from my understanding of the code.