Re: Amex login info secure?

On Mar 14, 7:41 pm, Gary Smith <bitbuc...@xxxxxxxxxxx> wrote:
My previous response somehow got run together, so you may have missed the
point I was trying to make. When I typewww.americanexpress.comin the
address bar and press enter, I'm immediately redirected tohttps://home.americanexpress.com/home/mt_personal.shtml, which is secure
by virtue of the "https" protocol. That's where the login boxes are, on a
secure page which causes the lock symbol to be displayed in the status
bar. Does that not happen for you?

Yes, it does. I missed the part where you use .com as the suffix
rather than .ca. That is the difference which caused the login page
to be secure. Weird, eh?


Mister.Fred...@xxxxxxxxx wrote:
On Mar 13, 8:45 pm, Gary Smith <bitbuc...@xxxxxxxxxxx> wrote:
Not necessarily. www.americanexpress.comredirectstohttps://home.americanexpress.com/home/mt_personal.shtml, so the login
itself is secure. My bank does the same thing. That's better than having
you enter a usename and password into an unsecured page.
I looked up shtml on wikipedia. It doesn't exactly give the
impression that shtml is for security.
I did in fact phone Amex, but the front line person couldn't explain
the lack of https, or of a lock symbol in the lower right corner.
Again, the question here relates to security of authentication info,
not necessarily security of the session after logging in.
Tom Willett <tompep...@xxxxxxxxxxxx> wrote:
That's how logins work.
|The initial "home" page does not
| appear to be secure, but there is a small "lock" symbol next to the "LOG
IN"
| box. This implies that after you login the link becomes secure. Better to
| call and ask.
|
| "

--
Gary L. Smith
Columbus, Ohio

--
Gary L. Smith
Columbus, Ohio


.

Relevant Pages

  • Re: Linked Table-Embed Password
    ... > for the one login was the security. ... Don't confuse data security issues with data integrity issues. ... It may be common, but it's not secure. ... See http://www.QBuilt.com for all your database needs. ...
    (microsoft.public.access.security)
  • Re: Logins and mdw file
    ... If you can get in without a login, ... Creating userids and passwords in an MDW file DOES NOT secure the file. ... You need to make backup copies of your files, then read the security FAQ. ... > I have three Access programs running on a variety of PC's ...
    (microsoft.public.access.formscoding)
  • Securing user table with sha function
    ... Now moving on into other aspects of security:P I was thinking of a way to ... secure my login inputs the best way possible. ... Seeing how many different types of injection attacks their is and while ... AND how to secure for injection attacks? ...
    (php.general)
  • Re: Secure Login Form
    ... HTTPS should definitely be used, this web form isn't secure otherwise ... I'd recommend php, as it's server side so you are processing ... login form. ...
    (Security-Basics)
  • Re: How do I protect my login page from prying eyes (forms authentication)?
    ... I suppose I could have the login page in the main site (ie not ... >>At the end of the day though, you're just practicing security through ... Have the secure website generate invoices in the non-secure site, ...
    (microsoft.public.dotnet.framework.aspnet)