This post is strictly my personal opinions, it does not represent my employer’s views in any way.
Login/register page is essential to any site, especially any Commerce site. You should always follow the proven, established practices, but yet many sites still have issues with their login and register page. Make sure that you do not do anything mentioned below:
Use HTTP for login/register page.
You might say “What?”. It’s 2016 already and certificate is cheap as hell (even free, if you count Letsencrypt). Still, there are Commerce sites use HTTP for login/register. This, sadly, happens to one of my favorite sites, itsajten:
In case of itsajten, there is not much of sensitive information an attacker can get if he sniffs the network and gets my password. I’m in Sweden and almost everything is transparent, even my income. But still, it does mean that I’m subject to social engineering attack. I notified itsajten about this but never heard from them since – which is a pity. They are otherwise very nice and they offer some of the best prices on the item I interested.
Continue reading “What not to do with your login/register page”