Re: Amex login info secure?



Mister.Fred.Ma@xxxxxxxxx wrote:
On Mar 14, 7:41 pm, Gary Smith <bitbuc...@xxxxxxxxxxx> wrote:
My previous response somehow got run together, so you may have missed the
point I was trying to make. When I type www.americanexpress.com in the
address bar and press enter, I'm immediately redirected to https://home.americanexpress.com/home/mt_personal.shtml, which is secure
by virtue of the "https" protocol. That's where the login boxes are, on a
secure page which causes the lock symbol to be displayed in the status
bar. Does that not happen for you?

Yes, it does. I missed the part where you use .com as the suffix
rather than .ca. That is the difference which caused the login page
to be secure. Weird, eh?

I suspect that the difference is in the way www.americanexpress.ca is set
up. Evidently the target of its redirect is not a secure page. I'll call
that a page construction error.


Mister.Fred...@xxxxxxxxx wrote:
On Mar 13, 8:45 pm, Gary Smith <bitbuc...@xxxxxxxxxxx> wrote:
Not necessarily. www.americanexpress.com redirects to https://home.americanexpress.com/home/mt_personal.shtml, so the login
itself is secure. My bank does the same thing. That's better than having
you enter a username and password into an unsecured page.
I looked up shtml on Wikipedia. It doesn't exactly give the
impression that shtml is for security.
I did in fact phone Amex, but the front line person couldn't explain
the lack of https, or of a lock symbol in the lower right corner.
Again, the question here relates to security of authentication info,
not necessarily security of the session after logging in.
Tom Willett <tompep...@xxxxxxxxxxxx> wrote:
That's how logins work.
|The initial "home" page does not
| appear to be secure, but there is a small "lock" symbol next to the "LOG IN"
| box. This implies that after you login the link becomes secure. Better to
| call and ask.

--
Gary L. Smith
Columbus, Ohio
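
The question running through this thread, whether the login box sits on an HTTPS page and where it submits, can be checked mechanically. The following is an added example, not code from any poster in the thread: it parses a page's HTML and reports both facts for each form that contains a password field. The host names and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Collect the action attribute of every <form> holding a password input."""
    def __init__(self):
        super().__init__()
        self._action = None          # None means "not inside a form"
        self._has_password = False
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_password = a.get("action") or "", False
        elif tag == "input" and self._action is not None:
            if (a.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.actions.append(self._action)
            self._action = None

def audit_login_page(page_url, html):
    """Return one finding per password form: is the page HTTPS, is the submit HTTPS."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    for action in finder.actions:
        target = urljoin(page_url, action)   # empty action posts back to the page
        findings.append({"page_https": page_https,
                         "submit_https": urlsplit(target).scheme == "https",
                         "target": target})
    return findings

# Constructed sample (hypothetical hosts): http:// home page, login box posts to https://
SAMPLE = """<html><body>
<form action="https://login.example.test/auth" method="post">
<input type="text" name="user"><input type="password" name="pw">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit_login_page("http://www.example.test/", SAMPLE):
        print(finding)
```

A finding with `page_https` false and `submit_https` true matches the setup discussed above: the submit is encrypted, but the page carrying the form was delivered without TLS and could have been altered before it reached the browser.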