Is OBiTALK login secure?

(1/2) > >>

202Owner:
I see no HTTPS when logging into OBiTALK.  Are my login credentials being transmitted in the open?  Is this secure access or could my OBi device(s) be at risk by someone able to compromise this traffic and my account?

LTN1:
When I open the obitalk initial site, it is not https. However, when I log in with my Google credentials, it takes me to the administrative site (where I can configure, etc.) and that site is https--secure.

Do you log in with your Google credentials or the non Google way? Can you try logging in with the Google credentials if you haven't already?

giqcass:
To be on the safe side use the following url to log in.
https://www.obitalk.com/obinet/login/


EDIT: I examined the login code.  I am not a security expert but the login even on the unencrypted pages post to a secure https address so I believe they should be secure.  You can use the URL above for peace of mind.  Perhaps someone with more information will speak on this topic.

So far as your Google Credentials are concerned Obihai no longer has access to them.  Obihai only receives an access token now.

202Owner:
Quote from: LTN1 on January 13, 2015, 02:19:22 pm

When I open the obitalk initial site, it is not https. However, when I log in with my Google credentials, it takes me to the administrative site (where I can configure, etc.) and that site is https--secure.

Do you log in with your Google credentials or the non Google way? Can you try logging in with the Google credentials if you haven't already?


I login the non-Google way.  If I go to login the Google way, OBiTALK appears to want to access my Google profile... which I decline, so no login.

Given the OBiTALK login is not secure, I will assume the OBiTALK portal security is suspect... as was their initial Google Chat implementation.  You can't offer multiple ways to login, some unsecure, and call it secure.

202Owner:
Quote from: giqcass on January 13, 2015, 08:56:16 pm

To be on the safe side use the following url to log in.
https://www.obitalk.com/obinet/login/

EDIT: I examined the login code.  I am not a security expert but the login even on the unencrypted pages post to a secure https address so I believe they should be secure.  You can use the URL above for peace of mind.  Perhaps someone with more information will speak on this topic.

So far as your Google Credentials are concerned Obihai no longer has access to them.  Obihai only receives an access token now.


I can only assume that if the browser does not indicate a secure connection, then the connection is not secured.  And the portal traffic is not secured.

Thanks for looking at it!

Navigation

[0] Message Index

[#] Next page