Public perception of submitting non-https forms

Forum Moderators: phranque

Message Too Old, No Replies

Public perception of submitting non-https forms

to secure or not to secure

chadmg

5:02 pm on Jun 24, 2004 (gmt 0)

What do you think public perception is of submitting a form that is not secure? Credit card, social security numbers, and the like should certainly be secure. But what about addresses, phone numbers, email, grades, etc? I would love to see a current study on people's thoughts about internet security. I'm sure it changes all the time with the public's perception and familiarity with the internet. Your thoughts please...

txbakers

5:48 pm on Jun 24, 2004 (gmt 0)

I'm qualified to speak on this one.

I run a site where people can enter student information on the web. While credit card payments are done through https (third party) basic usage is still http. A few people have flatly refused to use my product without the HTTPS, and a few others have expressed concern about it, but the majority haven't complained.

None of the data, including name, address, phone, is really secure data anyway - most is available from a wide variety of other sources, include the phone book.

So, for now, I decided not to implement the HTTPS connection for this.

henry0

10:24 pm on Jun 24, 2004 (gmt 0)

I second TXBakers
and add: You will be surprised by how many people have no clue

remember there are still people giving away their credit card number etc... upon a polite call!

txbakers

5:13 am on Jun 25, 2004 (gmt 0)

or to wives of Nigerian bankers.....

chadmg

1:22 pm on Jun 25, 2004 (gmt 0)

I agree, most people don't have a clue about internet security. I've been arguing the point with my boss. His point is that if you secure the page you won't be turning anyone away, like that one guy who will refuse to submit info without the little lock icon. It is a valid point.

What are the cons to putting something under https. I know that a big one is that you can't pass a session from http to https without using get or post. Image loading times seem to be longer. You need to make sure that all required files are loaded through https so they don't get that warning. What else?

[edited by: chadmg at 1:40 pm (utc) on June 25, 2004]

pageoneresults

1:26 pm on Jun 25, 2004 (gmt 0)

In the past, I've actually seen a few users get scared of the dialog box that pops up telling you that you are entering or leaving a secure site. ;)

chadmg

1:52 pm on Jun 25, 2004 (gmt 0)

If done correctly, they shouldn't receive a warning about entering a secure site. Often times people don't change their server side includes to use the full image urls with https, and people will get that warning about loading insecure items on a secure page. That can definitely be discouraging. But if done correctly, users will only see a warning about leaving a secure page.

henry0

3:46 pm on Jun 25, 2004 (gmt 0)

Another approach
Create a simlink of the whole site pointing to "secure" server Zone
so all trascation are driven from the secured area
translates by: An user never get in and out and again... for the user is kept within the HTTPS secure zone