Comment on Update: Site problems and our firewall upgrade

  1. Okay, I use Google Chrome, and up in the address bar, before the website address, is a little symbol that will pop up to show your connection to this website is encrypted. What's been bugging me about AO3 is that when I click on the log-in option, that green lock and the https isn't there, meaning if I were to log-in to an account on this site, then it wouldn't be encrypted while I do so. When you finish with your firewall, will that symbol be there, assuring me that my password is thoroughly protected, like when you access your email?

    P.S. I don't have an account on here yet, but I'm still wondering. And sorry if this is a question I was supposed to send to support instead.

    1. Hi, HFL!

      Right now, no, we don't have site-wide SSL/TLS support - in fact, we've had some issues reported by users who have plugins to force https addresses. We do have a suggestion (https://trello.com/c/HLVThdjo) on our public Feature Requests board (Tools FAQ) for it. The coders do consult that page when prioritizing future development, so I'll make sure to note your comments there!

      (edited to add links)

      Best,
      Sam J.
      AO3 Support

      Last Edited Fri 17 Aug 2012 07:58PM UTC

    2. Hi there!

      It's fine to ask questions here, especially when it's so relevant to the topic of the post (although sometimes Support can be a bit faster to respond - not an issue for you today, though!).

      The firewall upgrade isn't related to https authentication, no. Very roughly speaking, https is a protocol designed to secure communication between your personal computer and another site - for example, it helps prevent someone 'sniffing' your wifi connection and stealing your password when you enter it. The firewall we're installing is designed to secure access to our servers, so it makes it harder for someone to launch an attack which actually accessed our servers and made them do stuff we don't want them to (like, say, giving up ALL the passwords stored on our servers).

      Currently we do have an SSL certificate (which verifies we are who we say we are) and we offer an https connection, but we don't have https authentication built into the app - this is normal for sites like ours which don't handle sensitive data such as payment details, social security numbers, etc. However, if you use a browser extension like HTTPS Everywhere you will automatically take advantage of our https connection. We might consider integrating https authentication more fully in the future if it seemed necessary, but it's relatively low priority because we're not really handling the kind of data that is usually the target of the type of attacks it protects against.

      Passwords are stored encrypted on our servers and we practise other good security standards, for example we never email you your password in plain text. However, it is always a good idea to protect yourself on any site by ensuring you use a unique and strong password. :)

      I hope that makes sense and answers your question!

      Lucy
      AD&T / Communications / Support

      Addendum: For anyone else who might not previously have paid attention to those little icons in the browser and is now curious, Chrome have a guide to their Website security indicators.

      ETA: Whoops, I had this open in my browser and didn't realise Sam had also commented - much more succinctly than me!

      Last Edited Fri 17 Aug 2012 09:02PM UTC

      1. To LucyP and Sam_J:

        Wow, thanks for such a prompt reply! And thanks, both of your answers make a lot of sense. I'm just really paranoid about my internet safety, and want to make sure my information is protected. Can never be too careful now that identity theft is so common that they have commercials about it, lol. You guys are great and so is this website, and I hope you can get all of the bugs sorted out soon, or you just get more awesome coders (I'd offer, but I barely even know the basics). Keep up the fantastic work!
