Can an ISP get authorization data through an http connection?

A

Andrew2016-05-08 02:10:16

Information Security

Andrew, 2016-05-08 02:10:16

Perhaps the question is rather stupid, but still. From specific examples: vk.com uses https on all pages, but http is used on the login and password entry page. Why? Does this affect data security in any way?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

X

xmoonlight, 2016-05-08
@Drew96

They use a token.
This does not affect security in any way.
You can use a token (issued via a link in the mail) without any https.
Those. as a two-factor registration + authorization (or remind the password by e-mail or sms) via channels: http and email / sms.
As a result, a token is created (in cookies) based on: 2 keys and your login password.
Even if the provider knows all 2 keys, then he does not know your password.
But usually, mail is checked over an encrypted channel via TLS or via HTTPS (web interface): if so, then the maximum is that the provider knows only 1 key out of the required 3 to restore the token without blocking access due to exceeding the limit of login attempts with invalid token.

P

Pavel K, 2016-05-08
@PavelK

Maybe.

A

Artem, 2016-05-11
@ulkoart

In short: through an http connection, anyone can find out the transmitted data, especially at free wifi points.