w3schools.invisionzone.com SSL issue?

[JohnDahl]

When I login to this site I get a warning pop-up, however the certificate itself it looks ok (except the amazon part).

What is up? Is this a cert. configuration issue or is the login information really not routed via a secure connection?

[justsomeguy]

It looks like that form action does not use HTTPS.

[Ingolme]

It would be a good idea if they could update the forum to use a secure connection. Right now it's all over plain HTTP.

[justsomeguy]

I don't get any certificate warnings, but it looks like the canonical URL is set to HTTP, so it probably uses that for things like the form actions.

[dsonesuk]

Firefox version update 52 onwards start to give warning about insecure login with certificate warnings, but as http://w3schools.invisionzone.com is not fully actively using https throughout its site and even though it exists to use, it would swap from secure back to insecure so it was pointless trying to use the secure https: so i just set it to ignore, it just shows a question mark in site info icon.

[Html]

I wouldn't be too concerned, I think this forum has always been without a certificate.

[JohnDahl]

Well, I personally am not concerned about it since I use a different password, email and login ID for every site that requires a login (and store it all in passwordsafe), but anybody who uses the same information here as they do on facebook (or worse, their bank) should be concerned, especially if they access this site from a public wifi location where their information could be scraped.

It blows my mind that in 2018 online companies don't use SSL's for every page, especially after eff.org started letsencrypt.org and made certs (with PFS even!) free for everyone.

 w3 school's use of this forum site looks like an endorsement of this practice.