[Cryptography] How to convince web site to use HTTPS?

John McCormac jmcc at hackwatch.com
Fri Aug 2 19:51:32 EDT 2019

On 02/08/2019 15:12, Henry Baker wrote:
> Hi:
> A small organization that I work with (so far) refuses to
> move to HTTPS, even though they require a *login* to use
> their site.
> I'm trying to be as diplomatic as possible, but I'd like to
> convince them as simply and easily as possible.
> Does anyone here have any ideas?

Hint at it being a possible GDPR issue even though it may not be one. If 
it is using a login, it is potentially handling personal data.

Normally, it is a case of getting to talk to the webmaster rather than 
the boss or CEO. The website design might well have been outsourced and 
upgrading it to HTTPS will involve some more work. This brochureware 
approach to websites by businesses and organisations means that website 
design is viewed as a one-off expense and there's often no ongoing 
maintenance contract. Finding out if the website was developed in-house 
or outsourced would be the first step. That would provide an indication 
of the difficulty of convincing the organisation to upgrade to HTTPS.

Despite all the propaganda from Google and the search engine 
optimisation business, HTTPS redirects (where a site will redirect to a 
HTTPS version) are not universal. Some of the new gTLDs are HTTPS by 
default but the HTTPS redirect percentages on other TLDs vary.


