Credential harvesting is possible without website encryption.
Besides the fact that any website without encryption (without HTTPS) is ranked lower on search engines like Google and marked as “Not secure” in most modern browsers, it is no surprise that such a website gives hackers easy access to harvest credentials and go on to hack user accounts on it. It is not clear why so many websites like this have been popping up in the country. One would think that in this day and age, designers, developers or anyone working with websites would be a bit more cautious and aware of the dangers, thereby ensuring that client websites are safe from being hacked. Unfortunately, being vigilant is not as simple as it may sound.
Is it a lack of awareness of security issues, or is it just negligence on the part of those designing and hosting websites? I used to think that the former is true. However, this is a trend that is becoming more and more common and could point to the fact that some people are simply ignorant. By that I mean they know the risks but choose the easy way of doing things instead. They choose to take shortcuts.
The fundamental importance of encrypting websites is that it adds a layer of security. For example, given a scenario where hackers try to harvest credentials on a website in order to hack into accounts, the task is an easy one when the website is not encrypted. An attack can be performed on a website that has a login page or a database with stored user credentials (usernames and passwords). A man-in-the-middle attack can be performed to steal user credentials as they travel between the browser and the server. On the other hand, an encrypted website adds a layer of security and ensures that the hacker’s task of collecting credentials is not that straightforward. This is not to say that an encrypted website cannot be hacked, but encryption does add a layer of security.
A website without encryption is like leaving your door open when you go to sleep at night and not expecting a prowling jaguar to walk in and attack you in your sleep. This may not be the best analogy, but you get the point. Where there is no encryption, there is just no security. It is that simple.
It is therefore crucial to make sure your websites are encrypted before publishing them online, and please do not play this dangerous game with e-commerce websites. Simply avoid doing that altogether, as publishing an e-commerce website without encrypting it first is way too dangerous. Confidential data such as Visa card details, passwords, etc., if harvested by hackers, can be detrimental to business and can lead to huge losses and damage to people’s lives. Please take heed and try to follow security and industry best practices in website development.
Thank you! Share with your friends if you find this article helpful and let’s encourage everyone to be safe online.