Staying Logged-in to Forum

[Kidbee]

Is it safe to stay constantly logged in, to this forum, without logging on and then signing off after each viewing?

The reason I ask this question is that another forum site I am on, posted this--

"And in case you missed it, we switched the forum over to full SSL. This basically means the connection between your computer and our server is completely secure, just like when you log into your online banking."

I have no idea what 'full SSL' means, but is this Woodwork Forum a secure connection as well?

[Optimark]

I don't believe this forum is as secure as a bank web site, but then again I'm not trying to extract money from it.

I have been a member for quite a number of years and used at least four computers, including the current one which is a whiz bang super duper computer about one month old. I also use a tiny 25cm laptop to access the site and have done so since purchasing that laptop about four years ago.

In all cases I have left my log in on, so that when I come back I'm straight into it.

Most secure websites will have a padlock symbol showing somewhere to let you know it's a secure site, can't see one on this site.

Mick.

[Master Splinter]

"Full SSL" means that the site has the Secure Sockets Layer active, meaning that information you send to the site (ie the text you type into a thread reply or whatever) is encrypted using the site's public key.

So you type in "Staying Logged-in to Forum", and this gets sent to the forum (when you press the button) as the cyphertext "Fgnlvat Ybttrq-va gb Sbehz" (if it's using the ROT-13 cypher...which is just an example of a cypher). It's actually bit more complex than that, but I'll gloss over the details!

You can tell if a site is using SSL as instead of page URLs starting with "http:/" they will start with "https:/", the "s" standing for 'secure'. So to answer your question, no, general text is passed to this site as plaintext.

However login data/username is stored on your PC as an encrypted cookie. When you log on, the site checks to see if you have a valid cookie for your userid/password, and if you do, it authenticates you.

[Optimark]

I love this forum, wonderful explanation, although I have no idea what I'll ever do, if anything, with that explanation.

Mick.

[Kidbee]

"Full SSL" means that the site has the Secure Sockets Layer active, meaning that information you send to the site (ie the text you type into a thread reply or whatever) is encrypted using the site's public key.

So you type in "Staying Logged-in to Forum", and this gets sent to the forum (when you press the button) as the cyphertext "Fgnlvat Ybttrq-va gb Sbehz" (if it's using the ROT-13 cypher...which is just an example of a cypher). It's actually bit more complex than that, but I'll gloss over the details!

You can tell if a site is using SSL as instead of page URLs starting with "http:/" they will start with "https:/", the "s" standing for 'secure'. So to answer your question, no, general text is passed to this site as plaintext.

However login data/username is stored on your PC as an encrypted cookie. When you log on, the site checks to see if you have a valid cookie for your userid/password, and if you do, it authenticates you.

So should we constantly log on and then log out?

[Master Splinter]

So should we constantly log on and then log out?

Depends on how secure you like to be.

For maximum security, your passwords are all 256-bits long and are completely random (3nDf*90(8h@wKDv]89X13^Kb"k,t79_ 52yNkL;}3*f0/Je712m> etc ), ensuring that a brute force attack would be unlikely to succeed in under 3×10⁵¹ years (which is considerably longer than the half-life of the proton, according to some estimates of proton half-life).

...And you don't store them on your computer, and you have a unique password for each site, and you memorise all of them and never write them down.

Personally, the only sites where I wouldn't auto-login are ones with monetary/informational consequences (banks, paypal, neverwinter, minecraft). If I auto-login at least I can have the computer remember passwords and login details for me so I'm not using the same email address and easy to remember password all the time.

Sites with no financial or personal information consequences...I don't really care!