Secure Logon?

I don't get it. When I need to logon to a secure site, I expect to see a https url before I enter my username and password. All the sites listed below (except Citibank) prompt you for the user name and password on a http page and it says that the information will be posted via https. Even though what they claim is correct, I do not feel comfortable with the approach. How do I know that the http page I am looking at is spoofed or not? Check out these sites:

The way I work around this is to bookmark the secure url. Example: PayPal

Is it really that CPU intensive to run the default homepage on 443? Could they have used SSL acceleration? How about a logon button on the default http page that redirects me to a https page where I can enter my credentials?

4 Comments

  • Yes, this is one of my pet peeves as well.

  • That paypal link redirects to https for me. Also the Discover home page has a secure login "learn more" link right above the username section.



    For the others though, blatently unacceptable, heck maybe even for the Discover one too, it should be https by default.

  • Don't forget Bank of America! I was actually talking with a teller who tried to tell me that it was perfectly secure to login from the HTTP link on their homepage even though they have a very deeply buried HTTPS login page. Needless to say I have switched banks.



  • I have found that some sites I use such as discover.com and chase.com do have "real" https login pages that are difficult to find. I perform a google search for "discover secure login" or "chase secure login", double-check the URL, and I can log in through one of these pages.

Comments have been disabled for this content.