So I made this Blogger/Blogspot/Google Blog account a couple weeks ago, and for the first several days I had been making sure to login to my Gmail account and then go to blogger.com, because I was sure that the Gmail login page is secure, while it's less obvious that the blogger.com login page is secure. The URL is http://blogger.com, not https, and there's nothing in the login form that says "we'll use SSL, promise." As it turns out, they do submit the password via SSL:
If I was only risking access to my blog I might not have worried so much, but I was using a password that, if intercepted, would give someone access to my Gmail. Why doesn't the login page mention SSL? Have we reached an era when people just assume sites are keeping their logins safe? (I hope not, cause it's not a safe assumption.) Or is Blogger just being sloppy?
No comments:
Post a Comment