Browser warning 'login not secure'

This message has not appeared because of any failure or change in your website's security. Rather it is a change in certain web browsers (Firefox and Google Chrome), which have recently started showing this warning on sites aren't using an additional layer of security known as HTTPS.

The warning is highlighting something which could be made more secure, not that your website has suddenly become less secure.

The security warning also relates very specific aspect of the website (the passing of information such as a member's website log-in from their browser to our system), and is not because our system is generally insecure.

We take the security of clubs' and members' data very seriously. Our websites are run on servers that are maintained and monitored by a specialist hosting company two decades of experience in this field. There is no suggestion that the storage of members' details on our systems is in any way insecure or unusually vulerable to attack.

To draw an analogy, the computers that run our websites and store members' data could be thought of as being like an office block, and this building has the appropriate modern security features you would expect. Information passed to our systems (e.g. a member entering their log-in details) is like post being sent to and from the building.

The warning you and your members will see in Chrome or Firefox is that -- in the terms of our analogy -- it would be better if we were able to accept post with encrypted messages inside, in case someone manages to intercept some of our post and steam open the envelopes.

The chances of most members having their internet traffic intercepted in this way is very slight. The main 'real world' example of where such extra security measures are likely to be a notable improvement would be to a member who is logging in to the website over an unsecured public wifi network. A member logging in from a home broadband network, on their mobile, or in the office would need to be the target of a sophisticated attacker before additional encryption would be needed.

CLUB View is nonetheless committed to keeping members' details secure and to ensuring we meet emerging security standards. It is a substantial task to implement this individually on every one of a couple of hundred website, but for a number of months we have been working with the company that manages our servers to add encryption of data as it passes between the websites' users and our system. Having successfully put in place and tested the technical foundations, we are currently (as of November 2017) in the process of upgrading clients' sites. Once a site has been upgraded these warning messages will no longer appear.

Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk