You might not be getting all the swell recognition you deserve from your customers. If you have a customer login page and the login form is not on a secured HTTPS page, how will they know that they are secured? This is the first page of the website we’re talking about here (usually). After all, you may protect their important login information (all those usernames and passwords that your customers use for everything). But even if you have been keeping the login form on an unsecured page and submitting it to an HTTPS page using AJAX, how does the customer know that? They probably won’t, and you won’t get any positive recognition. Plus, there is still vulnerability.
Show Customers that Website Safety Starts at the Front Door
SSL Certificates provide security at the login point. There are various types of SSL Certificates used for this, varying in degree of protection. Ranging from the most secure certificate, which is an SSL Certificate with EV, to less expensive and more basic certificates. OWASP (Open Web Application Security Project) states that best practices require that all login landing pages must be an HTTPS page.
If you secure your login with an SSL Certificate, that login page is protected. All of the login information is secured and encrypted from the start. It is not sent to become encrypted on another page (and therefore only protected once submitted). It is important that the login information is protected as soon as it is put down because an attacker could gain information at that front door. Securing the login with an SSL Certificate stops the middle-man from intercepting the username and password by injecting a different URL which it would post to. Then the attacker would have the customer login information and it would be too late.
Even if other pages on your website are secure, it is important to not neglect protecting the login page. Anyone can secure certain valuables in a room and in a safe, but why not lock the front door? Lock down your business.
Secure Login versus the Standard Login
A secure login will provide:
- A gold lock icon
- A green address bar (if using the Highest End: SSL Certificate with EV)
- Security from the start (Protection from phishing, customer confidence)
A standard login provides:
- An http page with a form to enter login information
- No visual evidence that the login will submit to a secure page (if even true)
- All of this indicates to the user whether or not they are safe to enter in that same old login information that they probably use for all of their important websites. All of their familiar banking and other important sites probably already offer a visual cue to let them know their login information is secure. (Why not you too?)
How to Create a Secure Login with an SSL Certificate
Two approaches for making a secure login form:
- Acquire an SSL Certificate, then:
1. Create a separate page for logging in that is only accessible by HTTPS and which submits using HTTPS.
2. Permanently enforce HTTPS on the homepage where the login is also located. This is best if customers bookmark the HTTPS homepage rather than a separate login page.
Making the Customers Comfortable
Businesses increase customers when they feel at-home and are familiar with what they see. Aside from the visual confirmation of security, creating a secure login with an SSL Certificate offers real security. It protects against phishing attacks. It protects against customer insecurity. It protects your reputation.
If any of your customer’s login information was obtained because of relaxed security principles you can be sure that the news would spread. If a business loses such valuable information concerning a customer, there goes their reputation, and with it their business.
Lock the Front Door by Securing Your Login Page
All login pages should be protected by an SSL Certificate. Especially, if it’s your business. The job of protecting customers’ information has now fallen into the laps of those whom they transact business with. Now that the principle is firmly established, it’s up to the website manager to decide which type and brand that they would like to go with. The best type is an SSL Certificate with EV. But which brand of certificate is the most well-known and globally trusted? Visit www.sslrenewals.com to view the world’s most recognized and reputable brands.