FAS "Not Secure" in browser

[nameless]

hi all admin-types --- I just noticed that in my browser bar FAS is showing as "Not Secure" which means it's no longer an https connection. When did that happen? In my browser it's bookmarked/saved as Https which it used to be, right?

I just want to put out a warning to folks to not use a password for their FAS account they use anywhere else, particularly if it's attached to the email address they use for FAS.

thoughts?

[SilverLining]

I’m not seeing that, but I don’t have to sign in each visit. Would that be why?

I did suddenly start seeing that message on a different forum though.

[Rebekah]

Looks like I need to install an update, but it’s not working right.

[rebekahc]

Wow, that was weird - not sure if it was my computer or the site, but I logged out and then couldn't get logged in again.  My user name and password kept disappearing as soon as I hit the login button.

[rebekahc]

After working with tech support on making sure the updates went through correctly, I asked again about securing the site.  I would need to pay for an SSL certificate each year - it must have stopped being included in my annual costs at the end of November when the contract renewed.  Adding it will double my cost. 

[rebekahc]

Okay, I've been working with our provider and we should be good to go with https now.  Some members may need to enter their password again.  If anyone has trouble remembering your password and no longer has access to the email address linked with your account, please get in touch with me and I can either update your email address in your profile and then you can use password recovery or I can just assign you a new temporary password to gain access and you can set a new one in your profile.

[Stinky10]

I'd be happy to contribute some $$$

also the site is really slow today

[Stinky10]

and  I AM seeing the "Not secure" to the left of https://foodallergysupport.olicentral.com/index.php?action=post;topic=12456.0;last_msg=281820

[rebekahc]

Stinky, thanks for offering to contribute.    We’re looking at how to work the logistics of that, now.  Once we have a plan in place, we’ll post about it.

I’m getting the https on everything I see and Firefox no longer shows the lock with the red line through it. Maybe if you log out and log back in?

[nameless]

Thanks! It shows as secure https to me now, which is good.

It still might warrant a warning to folks to change their password and if they used the same password elsewhere to change that as well. Not sure ya'lls background, and I don't want to come off as "mansplainy" (not sure what the female equivalent of that is?) It's not  my intention...OK -- so if a website isn't https and just http that means that if a user logs in then anyone on their wifi network (like it's a public one, Xfinity, Starbucks, etc.) or sniffing around cell tower traffic will be able to read that login information. It's not protected or encrypted very well. Then, if the email is sniffable, the bad-person will go around and try various websites (usually with a script or bot) trying to log in with that email address and password combo.

Not sure what the risk is for OLICentral sites and if they use a different layer/protocol that would help protect, but I'm guessing it doesn't.

I think setting up a Go Fund Me or something to get the funds needed, folks would do it

[Macabre]

Thanks, nameless. I didn’t realize the url wasn’t SSL, since I only use my phone to come here. I’m glad you noticed. I should have.

[Stinky10]

I logged in and out and still see Not Secure at the top - but only in the forums - not on the index

also the site is slow - feels like there is a redirect going on

[rebekahc]

We have two domain names that redirect to our actual site.  foodallergysupport.com and .org both redirect to foodallergysupport.olicentral.com  I haven't noticed any unusual slowness and all my pages show https.  Not sure what could be going on with yours, perhaps Nameless (who is not womansplaining because she actually has much more knowledge than I do ) would have some ideas?

[Stinky10]

I'll reboot later and try different browsers
but every click on this site - has a pause - pause - then go
just started
and still says not secure - in lots of pages - I see it now. 

anyway my password is BringonSummer2019!**12# 

hahahahaaa….kidding...

[rebekahc]

Okay, I read up on it a bit.  It seems our site is transmitted in https, but some of our content may still be in http.  Just on a cursory check, it appears the image for our banner at the top is in http, but so far everything else I see is https.  The banner is hosted at photobucket and I'm scared to mess with it right now since photobucket now wants to be paid for what used to be free.  Once I can find a way to either get a new banner or transfer what we have to another image hosting site, I'll see if that fixes the mixed http/https issue.