6 {{ upvoteCount | shortNum }}
6 {{ upvoteCount | shortNum }}

Secure sites?

by kbrockm
5 replies
I've had more than one situation recently where a site has legitamately requested my social security number, but I'm not seeing a little lock at the bottom of my browser, nor does the URL begin with https://. When I've asked, they assure me the site has bank-level security.

I want to believe them, but I had a friend who's identity was stolen and I saw the hell she went through. I'm very careful about stuff like this. Are there ways other than what I've described to be sure a site is secure?

--Kim
#secure #sites
  • Profile picture of the author SteveJohnson
    If they're not running under SSL (the 's' in https) the site isn't secure, and anyone with a modicum of talent can read any data you put in a form and submit.

    There are VERY FEW entities with a legitimate reason for needing your SSN, the majority of which are either government or financial institutions. Think more than twice before giving that out, and NEVER do it over a connection that isn't https://!!
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[5033903].message }}
    • Profile picture of the author DEaFeYe
      Banned
      [DELETED]
      {{ DiscussionBoard.errors[5033925].message }}
      • Profile picture of the author kbrockm
        They are a firm that is contracting my services. I DO believe they are legitimate, as I've worked with them before. The question is strictly about their site. I'm not afraid of THEM having my SSN, but of others being able to pick it up in transmission, if it is not adequately protected. Are you saying the "https://" is the ONLY way to assure it's a secure site?
        {{ DiscussionBoard.errors[5034036].message }}
  • Profile picture of the author kbrockm
    OK. don't worry, it's not an online business, and I wouldn't necessarily expect them to know everything about building a website. They just do some communications that way, just as every offline business does by now. Thanks for your help.
    {{ DiscussionBoard.errors[5034895].message }}
  • Profile picture of the author SteveJohnson
    Yes, Kim - the 's' is the only way to ensure that the site is secure. Data is encrypted in the browser before it's sent into the internets, and only the site with the proper certificate can decode it. Whoever is telling you this is 'bank-level security' is yanking your chain.

    Any offline business that asks for private information over an insecure connection should be educated that what they are doing is VERY dangerous. Further, if they are asking for your information in this way, are they also storing it in an insecure fashion?

    If they need your SSN for a tax form or something, you should print it, fill it out, and mail it.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[5036827].message }}
  • Profile picture of the author SeeSharp
    Yeah, always make sure that a site is ssl securec (lock at the bottom) and if you have firefox there are additional add-ons like WOT to help you.
    {{ DiscussionBoard.errors[5045351].message }}

Trending Topics