Although the login page shows an http connection, the login is sent using an SSL connection using the action=https line for forms sent from that page, meaning the login is secure. (I don't work for chess.com, I just know how to use browser tools and basic security knowledge) It's all good. :)
Why is Chess.com login page not secure?
Sort:
Oldest
Very good question, OP. I always click on Login if I open chess.com without entering any details. SSL isn't secured either. In fact, many browsers have stopped using SSL.
Apr 13, 2015
0
#4
Odd, I get an https when I log in. I don't know what the difference is between my setup and the OP's setup.
I just did a check of the Chess.com SSL connection with SSL Labs, and it got a "B". It could be worse, I guess.
I don't understand why chess.com doesn't have an https:// login screen, since there's credit card information associated with accounts as well as personal information.
With all the identity theft and fraud going on these days it seems inexcusable not to take security precautions on behalf of your users.
As it is, apparently my user id and password are sent in clear text over the Internet such that interlopers can potentially see it whenever I log into chess.com, at least from the home page.
Are there any plans to address that?