myFICO® Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Target Redcard Login Unsafe???

tag
Get Access Now
BluePoodle
Valued Contributor
‎01-25-2015 10:46 AM
‎01-25-2015 10:46 AM

Re: Target Redcard Login Unsafe???

@CreditCuriousity wrote:

weird google chrome is taking out the HTTPS as you can see it is crossed out for whatever reason..  Maybe Target let their certificate accidently expire and this is causing the chrome issue and chrome is catching it?  I will let other people chime in here..  Difference between HTTP and HTTPS in the simplest terms is the S stands for Secure and uses encryption, although there is more to it than that.  I work in tech, just in my line of work I really don't have to deal with browsers and certificates..  I am sure someone else will chime in here.  

Thank you! That is what I needed to know. I do remember reading that now that you mention it. So log in should ALWAYS be HTTPS?  I just checked login on my others and they are fine.  Not sure WHAT Target's deal is though.

CapOne $7500 | Discover $8500 | Amex ED $25K | Barclay SM $5700 | Chase Disney $500 | Chase Slate $5K | Target $3K | Hilton Amex $2K
Gardening Since 4/3/2017
Message 11 of 19
0 Kudos
BluePoodle
Valued Contributor
‎01-25-2015 10:51 AM
‎01-25-2015 10:51 AM

Re: Target Redcard Login Unsafe???

@CreditCuriousity wrote:
@BluePoodle wrote:
@elim wrote:
@CreditCuriousity wrote:

Ya I wouldnt be loging in without https....  

   ahhh is that what the strikethrough is in the addy? i don't know macs at all. does mac show the Veri-sign check like MS?

Yeah, that is what is striking through in red in addy bar. Considering I have no idea what a Veri-sign check is, I would say no, Macs don't have that. They generally do a couple of warnings like the photo I just posted stating that the site is not secure and asking if you want to proceed.

Verisign is a certificate...  Either they let it expire or something else is up... Their is no difference with a Mac or PC w/regards to if they let their certificate expire or whether it is another issue..  In other words if Verisign certificate was good it works on both mac's and pc just the same

When I collapse the warning, it states: NET::ERR_CERT_AUTHORITY_INVALID

 

The address shows up fine under Firefox, so I logged in there. Not sure if it is a Chrome update I need or something that is an issue for Chrome in general. ???

CapOne $7500 | Discover $8500 | Amex ED $25K | Barclay SM $5700 | Chase Disney $500 | Chase Slate $5K | Target $3K | Hilton Amex $2K
Gardening Since 4/3/2017
Message 12 of 19
0 Kudos
CreditCuriosity
Moderator Emeritus
‎01-25-2015 11:00 AM
‎01-25-2015 11:00 AM

Re: Target Redcard Login Unsafe???

@BluePoodle wrote:
@CreditCuriousity wrote:
@BluePoodle wrote:
@elim wrote:
@CreditCuriousity wrote:

Ya I wouldnt be loging in without https....  

   ahhh is that what the strikethrough is in the addy? i don't know macs at all. does mac show the Veri-sign check like MS?

Yeah, that is what is striking through in red in addy bar. Considering I have no idea what a Veri-sign check is, I would say no, Macs don't have that. They generally do a couple of warnings like the photo I just posted stating that the site is not secure and asking if you want to proceed.

Verisign is a certificate...  Either they let it expire or something else is up... Their is no difference with a Mac or PC w/regards to if they let their certificate expire or whether it is another issue..  In other words if Verisign certificate was good it works on both mac's and pc just the same

When I collapse the warning, it states: NET::ERR_CERT_AUTHORITY_INVALID

 

The address shows up fine under Firefox, so I logged in there. Not sure if it is a Chrome update I need or something that is an issue for Chrome in general. ???

Sounds like an issue on targets aisw/site, not chrome being the certificate is held on their end...  As a rule always update to the most recent version of Chrome... 

Message 13 of 19
0 Kudos
core
Valued Contributor
‎01-25-2015 11:12 AM
‎01-25-2015 11:12 AM

Re: Target Redcard Login Unsafe???

I would start by updating the certificate authorities list in Chrome as it may have gotten buggered up.  The cert itself is likely perfectly fine, but if Chrome doesn't trust the authority then it will make no difference. 

 

Message 14 of 19
0 Kudos
Kellan
Regular Contributor
‎01-25-2015 09:04 PM
‎01-25-2015 09:04 PM

Re: Target Redcard Login Unsafe???

Actually I went to the Target site in chrome so I could tell you what the issue really is. Google made a decision to not accept one type of older security that is supposed to be retired in 2017. But google decided to not trust these certificats anymore starting in 2015. The reason Target is not switchig certificates yet is because many people still use WinXP and the newer certs dont work with WinXP. Google is really just being a little over zealous. 

 

Target site has not been hacked and is safe. 

EQ: 678
TU: 699
EX: 736
Message 15 of 19
longtimelurker
Epic Contributor
‎01-25-2015 10:14 PM
‎01-25-2015 10:14 PM

Re: Target Redcard Login Unsafe???

@Kellan wrote:

Actually I went to the Target site in chrome so I could tell you what the issue really is. Google made a decision to not accept one type of older security that is supposed to be retired in 2017. But google decided to not trust these certificats anymore starting in 2015. The reason Target is not switchig certificates yet is because many people still use WinXP and the newer certs dont work with WinXP. Google is really just being a little over zealous. 

 

Target site has not been hacked and is safe. 

Works fine for me in Chrome on Windows (Chrome  40.0.2214.91 m)

Message 16 of 19
0 Kudos
nyancat
Established Contributor
‎01-26-2015 01:25 AM
‎01-26-2015 01:25 AM

Re: Target Redcard Login Unsafe???

@CreditCuriousity wrote:

Ya I wouldnt be loging in without https....  

It is HTTPS, look at the address bar. See the "HTTPS"? Yeah, it's HTTPS.

 

The red strikethrough though is usually not a good sign. It means that the HTTPS connection isn't trusted for some reason. I went to the same site in Chrome on a Mac and get the same error, and I absolutely trust my internet connection and DNS right now (it's a VPN to a provider I trust a great deal).

 

So, I decided to dig a bit deeper. This appears to be caused by Chrome using the built in certificate trust of OS X, and the trusted root certificates being out of date or otherwise not trusting this cert. If you look at the details at the bottom, the error is that the root CA isn't trusted. The same error occurs in Safari. Now, go to the top, click the padlock and look at the cert info. It's fine, and a trusted CA.

 

The issue is that OS X is having trust issues with "Cybertrust Public SureServer EV CA"

 

A quick Google search reveals that this has been an issue for years. Given it would seem an easy fix, there rather appears to be some reason Apple isn't trusting these certs.

 

I wouldn't worry about it at all, your connection is secure and every indication is that is the cert that Target is genuinely using. Just be sure to manually check the cert each time you go to the website to make sure you really get that cert and the cert looks valid-ish to you!

American Express Blue Cash Everyday - $11,000; American Express Platinum Cashback Everyday - £3,000; American Express Rewards Credit Card - £7,500; Aqua Reward Mastercard - £3,500; Bank of America Travel Rewards - $5,000; Barclaycard Freedom Rewards - £3,500; Citi Forward - $5,800; Discover It - $10,000; Halifax Clarity - £1,500; HSBC Platinum with Rewards - $5,000, MBNA Everyday Plus - £3,500
Message 17 of 19
0 Kudos
nyancat
Established Contributor
‎01-26-2015 01:34 AM
‎01-26-2015 01:34 AM

Re: Target Redcard Login Unsafe???

@longtimelurker wrote:
@Kellan wrote:

Actually I went to the Target site in chrome so I could tell you what the issue really is. Google made a decision to not accept one type of older security that is supposed to be retired in 2017. But google decided to not trust these certificats anymore starting in 2015. The reason Target is not switchig certificates yet is because many people still use WinXP and the newer certs dont work with WinXP. Google is really just being a little over zealous. 

 

Target site has not been hacked and is safe. 

Works fine for me in Chrome on Windows (Chrome  40.0.2214.91 m)

It isn't a Chrome problem. I noted some more details above. Apple is the one not trusting the cert. If you look at this page: http://support.apple.com/en-gb/HT202858 you can see that the root CA Target is using is not on the trust list.

 

This cert expires 2015-02-06 so I'm sure Target will get a new cert that Apple is trusting any day now Smiley Happy

American Express Blue Cash Everyday - $11,000; American Express Platinum Cashback Everyday - £3,000; American Express Rewards Credit Card - £7,500; Aqua Reward Mastercard - £3,500; Bank of America Travel Rewards - $5,000; Barclaycard Freedom Rewards - £3,500; Citi Forward - $5,800; Discover It - $10,000; Halifax Clarity - £1,500; HSBC Platinum with Rewards - $5,000, MBNA Everyday Plus - £3,500
Message 18 of 19
nyancat
Established Contributor
‎02-21-2015 01:35 AM
‎02-21-2015 01:35 AM

Re: Target Redcard Login Unsafe???

For anyone who cared, Target has switched to a cert Apple trusts.

American Express Blue Cash Everyday - $11,000; American Express Platinum Cashback Everyday - £3,000; American Express Rewards Credit Card - £7,500; Aqua Reward Mastercard - £3,500; Bank of America Travel Rewards - $5,000; Barclaycard Freedom Rewards - £3,500; Citi Forward - $5,800; Discover It - $10,000; Halifax Clarity - £1,500; HSBC Platinum with Rewards - $5,000, MBNA Everyday Plus - £3,500
Message 19 of 19
0 Kudos
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.