(3 votes, average: 4.67 out of 5)
There is always a risk involved when entering your login credentials as a user on a site that is not secured by an SSL certificate. Doing so allows potential attackers to view your username and password in plaintext. The attackers could easily steal information entered by the user in a non-https web-page that hosts the login form. There are several approaches an attacker can take to steal a user’s login information, like phishing, cross-site scripting or man-in-the-middle attacks. Such compromised login details can result into bigger problems like data theft, etc.
Here are two of the most common mistakes a lot of web-developers end up committing when it comes to creating a secure login form.
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.
Compare SSL Certificates
Now that we are aware about the procedures to be avoided to secure a login form, let’s go over the method of securing it with an SSL certificate. Many websites, including highly trusted bank websites, conveniently used to put their login form on their unsecured home pages. This has caused a lot of trouble to the users submitting their personal information after logging into these sites. Thankfully, on realizing the dire consequences, many sites opted for more secure methods. On such sites, the visitors are forwarded to an ‘https’ page even if they visit their unsecured homepage. In addition to that, EV SSL certificate visual cues like the green address bar eliminate all the possibilities of man-in-the-middle attacks or phishing attacks.
Principally, there are two options available for website owners to create a secure login form. They are:
Other options to secure a login form: Apart from securing the login page with SSL, there are several other options available. They are:
Although, securing a login form of any website may seem like a very small step towards web-security, but without taking this step, users get a negative impression about the website’s security. On the contrary, by protecting a websites’ login form, you are rewarding users’ expectations about a web-security.