I'm getting a warning on the login screen that there is no SSL and in addition a warning on the password reset screen that there is no SSL.
The lack of SSL on the main site is one thing but to have no SSL on password screens is unacceptable.
No SSL on login?
I'm getting a warning on the login screen that there is no SSL and in addition a warning on the password reset screen that there is no SSL.
The lack of SSL on the main site is one thing but to have no SSL on password screens is unacceptable.
Yeah got same issue, it is not really good thing or even minor, I noticed even with https and valid certificate, it is redirect you to normal http, someone seems forgot to comment or uncomment code in main site
Hello People
The homepage is not secured with SSL but the login is still done with a SSL secured request.
You can see it if you follow the network traffic of your browser when you press the login button.
This is true, as well any transactions on the shop.Originally Posted by Durin_d
The login for this game is insecure (as it has always been). The login request over SSL only protects against a passive listener from seeing your password. A man-in-the middle (can for example be anyone offering wifi) can quite easily intercept the login credentials by changing the (unprotected) login from to NOT use SSL anymore or to submit it to a different site, owned by the attacker (which could possibly also redirect/relay the request to the real server, such that everything appears normal and people don't get suspicious).
So it is good when a browser warns for this.
It is bad that even if you try to login securely by requesting the site via https (which the server accepts) you get redirected back to the http version.
Use a unique password for the game. Then you have very little risk. Anything can be hacked. Absolutely anything - if the attacker is skilled and interested enough.
Please don't use the same password for (example) your banking and your gaming. That's just asking for it.
Also, I recommend a low balance credit card (I have one I use online with only a $750 limit). Even though most of the time banks will back you up if you claim a fraud, it helps prevent large hassles.
Sorry, but I've slept since then...
Doing some more research and the problem is that you have not provided the protection against a man in the middle attacker from extracting the password
Last edited by BB_Saqui; 10.03.17 at 11:14. Reason: Link deleted
Our issue is lately we get this box when we try to login:
Hello People
You will see this error because not all of our website uses HTTPS. However, all the important stuff like shops, logins, etc are all secured with HTTPS. If you'd like to verify this, you can pull up confirmation via a browser's console on those respective pages.Our issue is lately we get this box when we try to login:
As for that popup box: you can either completely ignore it, or click "learn more" and there should be a way to whitelist the site.
I understand, but it was not here before, it is new maybe with the newest versions?
also, in chrome update 56 added this:
I don't think it is really expensive to make it HTTPS for the main site as well, I do understand what do you mean, but I think it must be passed to developers to make it for the whole domain, it is really good I think, also, most of sites that care about privacy specially with those information that descried here:
https://legal.ubi.com/privacypolicy/en-INTL
And I see the settlers do some tracking on us:
also, if you look into most ubisoft sites including games, all are secured.
It will confuse users, maybe better just to put that SSL on domain, really most of new users or who already using settlers will not feel so comfortable with those warnings around, actually I'm not as well, even I know really many technical and development details, but still, not really so comfortable .
Hello People
Posting Permissions
