Saturday, July 16, 2011

State Farm Encourages Living Dangerously

State Farm is another company that is trying to get customers to ignore TLS (or SSL for my fellow old-timers) by encouraging customers to log in from an apparently insecure page.

The form action for password submission is https://online.statefarm.com/apps/sessionmgmt/LoginService.asp? and that may very well be secure, but the fact remains that they are training their users to type credentials into a page that shows no sign of TLS.

1 comment:

Hayden said...

This assumes a standard user has any clue of SSL/TLS. I did an Exchange server implementation that only worked in SSL (https:) and had so many calls from people that could not connect that I eventually set up an auto-redirect to deal with them typing in http. How many calls warrant this?