|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
15 Dec 2008, 12:22 AM | #1 |
Junior Member
Join Date: Feb 2007
Posts: 26
|
one (secure) login button please
does anyone know why there's still a "secure login" and a "login" button? I see the beta version still has the two!
I was talking to a fastmail-using friend yesterday who asked if her work sysadmin can read her webmail when she accesses it from work, and I had to explain that it's less likely if she uses secure session (where the sysadmin needs to hack her browser on her workstation) rather than the regular login (where they just needs to look at the proxy web server if any and/or mere ethdump from anywhere). of course she had no idea of the difference between 'secure login' and 'login' and it's not something that stands a chance of being taught to end users. so why not remove the 'login' button and make all logins do what 'secure login' does now? (or perhaps relegate the unsecure login to the "more" expandable thingy.) frankly I can't see any use for unsecure logins nowadays. it might have been useful when https support (both browser and networks) was patchy but nowadays it's universal and has been for some years. also the current setup contains a user interface disaster: if you regularly use secure login, the buttons' order swap (presumably a cookie remembers it), but then of course when you connect from another new machine they swap back, but you're used to click on the first button on your usual machine, so you end up doing unsecure login on foreign machines/network where you want secure login more than usual! swapping the order of important buttons is no good: the risk of doing the wrong operation way outweighs the alleged convenience of having the most common button first (which is about nil on a two button thing). so at the very least the order should be made fixed, with secure always first (so that non-techie users at least stand a better chance to get it right). |
17 Dec 2008, 08:08 AM | #2 |
Essential Contributor
Join Date: Apr 2002
Location: Maryland
Posts: 217
|
I gotta agree on having the default be a secure login. It seems silly to me not to have it always encrypted. Now, if there's a technical reason behind it, then that is a fair answer. I suspect it wasn't before due to processing power?
Even google fails at this.. not everything is secure even when you select "always use https" as there are insecure elements on the page. |
18 Dec 2008, 09:49 PM | #3 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
totally concur on this need. One login button.
Unless, of course, they put an option in the options screen to "always use Https" /cl |
20 Dec 2008, 07:17 AM | #4 |
Junior Member
Join Date: Sep 2007
Posts: 11
|
Totally agree on this one also!
When I'm on a public computer I often press the wrong, unsecured, login button by accident. This because when you visit Fastmail for the first time the default is unsecured login(!). In my opinion https should be the default (as with most mail services nowadays). I would even take it a step further: there should be a warning message when you are trying to login without https prior to actually logging in unsecured! |
29 Dec 2008, 01:51 PM | #5 |
Junior Member
Join Date: Dec 2008
Posts: 12
|
Agreed--at the very least, I think (as mentioned in other threads) the default should be changed to always be "secure login". Accidentally logging in insecurely at a coffee shop, sending your password in cleartext to the jerk in the corner with the ethernet sniffer would be really sad.
If there is some resistance to changing this, at the very least could we have an option for setting the default (or better yet--removing the insecure login option) for a custom domain login? e.g., the mail.userdomain.com setup with custom DNS pointed at STANDARD_MAIL. At least we should be able to agree on that, right??? |
30 Dec 2008, 04:07 AM | #6 |
Master of the @
Join Date: Apr 2002
Location: Twickenham, UK
Posts: 1,306
|
I also wanted to add my vote to "one (secure) login button" as I cannot see the point of keeping both
Could there be some occasions/environments where a user has to use a non-secure connection to be able to login? If not, I really do not see any argument to keep the "non-secure" option... Just my 2 cents |
30 Dec 2008, 04:55 AM | #7 |
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 616
|
I suppose an argument can be made that people should be protected from their own ignorance by those who know better, but we know from the history of the world what that can lead to
An argument could also be made from the point of view of processing cycles. I don't know how many more it takes to do every pageload under SSL compared to not. I know that there are many people in the world who honestly could not care less about their own privacy or security on-line. Seems irrational, I know But there are a lot of people like that. If it costs a lot of cpu cycles to do SSL, then it makes sense to me that FM might want to keep it optional. Let the people who value it use it, and for those who don't, let's not burden the system. Freedom! Let's keep the freedom to be irrational Dave |
30 Dec 2008, 04:08 PM | #8 |
Master of the @
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
|
Isn't it because https might be blocked on some networks, whereas http has a higher change of being allowed on networks?
|
31 Dec 2008, 01:26 AM | #9 |
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 616
|
That might certainly be the case...
|
31 Dec 2008, 01:50 AM | #10 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
|
31 Dec 2008, 04:06 AM | #11 |
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 616
|
What feature was that? I thought we were discussing the removal of the standard (non-secure) login button?
Dave |
31 Dec 2008, 08:51 AM | #12 |
Junior Member
Join Date: Dec 2008
Posts: 12
|
Ideally, I'd like to see the insecure login button removed from the main page, just to protect people from themselves. Leave the insecure login a link away for those who can't use SSL from their location. (e.g., click here for a non-secure login page)
If that's too controversial, at the very least let me force my whole family to log in securely by removing the insecure login option from my domain-specific login page. |
2 Jan 2009, 02:43 AM | #13 | ||
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 616
|
Quote:
Quote:
Dave |
||
6 Jan 2009, 07:51 PM | #14 |
Member
Join Date: Jan 2009
Location: UK
Posts: 34
|
I'm new to FastMail, and, with my previous webmail, was accustomed to entering username and password and clicking enter for default secure login. My practice is, fairly randomly, to close and open my webmail while browsing, and to close and open my browser while working at the computer, with my browser set to delete cookies on closure. So I experience oscillating login buttons and defaults.
Of course, I need to look for and click on the oscillating secure login button, which is an extra step to the login. A few times, I've even logged on fast and clicked enter, and felt obliged to change my password. So I agree that there should be a default secure login button that doesn't move. |
7 Jan 2009, 01:09 AM | #15 |
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 616
|
I agree that it's bad that the buttons play musical chairs. They should stay put. Then you have the chance to develop keyboard-habits that won't get you in trouble at different times.
(oh, and welcome to the forums, Obius ) Dave |