[Cryptography] How to convince web site to use HTTPS ?

Steve Pointer spointer at humdai.net
Fri Aug 2 17:27:32 EDT 2019


> A small organization that I work with (so far) refuses to
> move to HTTPS, even though they require a *login* to use
> their site.
> 
> I'm trying to be diplomatic as possible, but I'd like to
> convince them as simply and easily as possible.
> 
> Does anyone here have any ideas?

Go to the Google Chrome and Mozilla Firefox pages and pull the details of the future releases which plan to flag the sites as insecure. Share these with the webmaster.

But the best thing is to understand the reason why. Is it restrictions on a hosting package? Lack of knowledge on how to deploy? Financial concerns? Performance overheads? Load balancer issues? Not understanding the threats? Lack of time / resource to test and deploy?

When you understand these then maybe you can help the webmaster overcome them.

It might be a valid reason: the webmaster may want the site to flag as insecure; he/she may want users to think about what information they share with other users, to not reuse passwords, be lulled into thinking that because it is HTTPS then the server is secure?

... or they might just be a lazy toad!
