Account login Security change

[Janet H]

I wanted to let you know that in the next day or so you may see a small change to the site login screen. This is being done as we add an extra layer of security to usernames and passwords. The login pages, registration page and pages where you might update your account login info will be behind an https url rather than the usual http url.

This change is being made to stay current with recommended security practices and not in response to any problem with the site or accounts.

HTTPS adds security in several ways; verifying that the site is the one a server is supposed to be talking to and by preventing tampering by 3rd parties. It stops Man-in-the-middle attacks, improving security for both the site and for those logging in.

This should not impact your usual browsing experience. You will still login, still tick the remember me box, etc. The location of the login button has changed however and the page looks a bit different.

 

[Sunset]

Great !!
Thanks for the heads up.

 

[Chuckanut]

An ounce of prevention is worth a pound of cure.

 

[GrayHare]

Will there be an alternate method for those of us who don't have access to https with their software? I need a browser that does not automatcally scroll display contents (i.e. via anything but me using scroll bars or mouse wheel), but all the https-compatible browsers do dizzying content auto-scrolling.

 

[ERD50]

Will there be an alternate method for those of us who don't have access to https with their software? I need a browser that does not automatcally scroll display contents (i.e. via anything but me using scroll bars or mouse wheel), but all the https-compatible browsers do dizzying content auto-scrolling.

What are you talking about? I've used a bunch of different browsers, can't recall one that scrolled unless I told it to (mouse scroll, scroll bar, arrow keys, space key, or page up/down keys).

Are you inadvertently holding down the space key, and seeing that scroll?

Can you give an example?

 

[ziggy29]

HTTPS should have nothing to do with auto-scrolling. It's just a secured browser session.

 

[Janet H]

HTTPS should have nothing to do with auto-scrolling. It's just a secured browser.

Right - it doesn't but I think the underlying issue is about how browsers handle anchor points. When you login and open a thread you are taken to the latest unread post. The screen moves. Some very old browsers don't respond in that manner but also are not https compatible.

I'm not sure we have a great solution here but are investigating some workarounds.

The Firefox browser has an addon that allows users to control anchor behavior - it might be of some use: https://addons.mozilla.org/en-US/firefox/addon/show-anchors-4/

This .gov page has some useful info about how to manage SSL issues on older browsers: https://gsaxcess.gov/htm/btsguideSSL.htm

It's worth noting the above link is behind an https view... still a good read with screen shots.

 

[GrayHare]

Right - it doesn't but I think the underlying issue is about how browsers handle anchor points. When you login and open a thread you are taken to the latest unread post. The screen moves. Some very old browsers don't respond in that manner but also are not https compatible.

Could be anchor related, I've never been sure. The problem is text or images that display first then change their visible screen location "on their own", which means without me using the scroll bar or mouse wheel. Old browsers (that by coincidence lack https) do not operate in that fashion, instead after they display an item it stays put visually until specifically moved by the user.

 

[MichaelB]

Could be anchor related, I've never been sure. The problem is text or images that display first then change their visible screen location "on their own", which means without me using the scroll bar or mouse wheel. Old browsers (that by coincidence lack https) do not operate in that fashion, instead after they display an item it stays put visually until specifically moved by the user.

I've noticed this, and just assumed it was some resizing or repositioning of images or text. A real PITA, as I often click on a link just as the page "resets" itself, leading to the wrong link.

 

[ziggy29]

I've noticed this, and just assumed it was some resizing or repositioning of images or text. A real PITA, as I often click on a link just as the page "resets" itself, leading to the wrong link.

I've seen that too. But there is no logical reason why it should have anything to do with HTTPS versus HTTP. If there is a connection, it is a software bug.

 

[GrayHare]

I've noticed this, and just assumed it was some resizing or repositioning of images or text. A real PITA, as I often click on a link just as the page "resets" itself, leading to the wrong link.

I'm with you on that, and believe it's a case of the browser reformatting the page to fit new elements, such as an incoming image. Another example is when one clicks a button or link and the page unexpectedly starts rolling to a new location rather than just replotting at it. AFAIK there are no plug ins that can block that from happening in newish browers.