Amir Herzberg wrote: > 1. I keep a `Hall of shame` of unprotected login pages, at > http://AmirHerzberg.com/shame.html; I've recently updated it
At least Bank of America also offers SSL protected login page(s). But most users won't find it. When you go to BoA main page it has a prominent login area, so that's what people will use. You can get to the secure login page by following the Sign In link at the top of the page, then following the appropriate Sign In link from the next page - but there are 12 such links on that page, making it hard to figure out what to use. By the way, an added benefit of going through the buried SSL-protected login page is that you can make your browser remember your login (if you so choose). The main page login changes your login and password fields to ***** before submitting, so your browser's remember password functionality will store that instead of the real login. -- Heikki Toivonen _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
