hi,

I'm just a bit concerned about the seeming lack of security when logging in to the AS site.

as you're using your eBay login and password, it concerns me that no padlock appears in the status bar in IE when you're logging in (which would indicate that the submission of your details is secure)

I don't feel very safe about sending my eBay login details to an insecure site.

I feel this definitely should be fixed.

Edit: I just realised there's also a link to a 'secure sign-in' page (where the padlock does appear) - but why allow users to sign in insecurely at all? Why not remove the login/password boxes from the home page, and just provide the link to the secure sign-in page?

I'm glad you found the link within the sign in box to the secure page.

https://www.auctionsniper.com/securelogin.aspx

So why give people the choice - surely a secure login is the ONLY method that users should have? Would eBay approve of you allowing people to log in insecurely using their ID and password?

R2

Some users browsers and computers don't work correctly with SSL. It's a small %, but still causes problems for some.

At the time we designed and built the site eBay's own servers did not offer secure login by default. It wasn't until early 2005 from what I can tell.

Since I don't anticipate us changing this in the near future here is the link to our secure sign in page for bookmarking:

https://www.auctionsniper.com/securelogin.aspx

Sniper Sara,

While your reply is helpful in letting us know why, it brings up even more questions.

- If the amount of users/browsers who can't use SSL is such a small percentile, then why support them and allow even more potential harm to be done with folks logging in non-securely? eBay login info is practically one of the top things that hackers, phishers, etc. are hunting for.

- I am a web developer and understand your concerns about the taxing of the servers if your entire site was secure. However, you aren't providing security where it is vitally needed. For instance, if I were needing to change my ebay login info under the 'Modify Account' area, that is completely non-secure! You are paying for the secure cert. Is it only being used through the inconspicuous 'secure login' link on the main page?

Been using Auction Sniper for a couple of years now and have referred a few as well. But I am now highly concerned with the choice of non-secure as default throughout the site. It seems to hurt your credibility.