
SSL for all forum pages. Utilize HTTP Strict Transport Security. Anything less is not secure.

All forum pages should be SSL/TLS. Anything less is not secure. While it likely won't matter to many forum users, it could to those who also have paid myFICO memberships.

 

I'm not a myFICO paid member, so I'll ask this: Do forum user logins also work for myFICO? If yes, that's a significant security risk.

 

While users can mitigate much of the risk by using secured wifi under their control, that's not always feasible, such as for those who frequently travel or have slow home-based connectivity or a limited mobile data quota and rely on public wifi instead.

 

Please implement SSL/TLS for all pages and utilize HTTP Strict Transport Security to protect users. Additional information can be found at: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

 

Starting Score Mar-15: EX-513, TU-507, EQ-510
Current Score Oct-15: EX-658, TU-631, EQ-628