Jane Yao's Blog

If a login form is not SSL secured, it is unsafe to sign up for you on that. Non-SSL login forms can easily transmitted into plain text. There are many risks with non-SSL login form. Making your login page secure is a big matter to you.

Main risk is that if an attacker can catch your user name and password he can misuse them like transferring money, buying things and reading of your personal emails.  Most of users keep same password for many account the hacker takes benefit of this thing. He can access your another accounts. Not securing your login page is the most common mistake during creating of page.

If your site having heavy traffic you can put your login page as a non-SSL page and submission page as SSL page. However, there are problem with that user is a non-technical person he cannot know that his information is being encrypted or not. The pad lock or the green address bar indicates that the site is having SSL certificate but on login page user cannot see it. He might leave the page. An attacker can easily get your user name and password without knowing you because they are travelling through the internet without SSL.

Let us understand how we can create a secure site login form with SSL.  Either make your login page separate, which is secured by SSL, or make your home page as your Login page, which is also secured with SSL.  It is convenient to make your home page as your login page because people are likely to bookmark the secure homepage than a separate Login page. The page where user enters his personal information must be secured by https. In combination with an EV SSL Certificate that shows “green bar” clearly is a possible attack man-in-the-middle/phishing virtually zero.

There are some other options if you do not want SSL at all.  You can use OpenID, Facebook login ID or Twitter ID to sign up on another site. Such account provides facility to the user securely login to several third party website and it is authentic.

Securing your login page with SSL Certificate appears very small part of your site security. However, if you do not do that customers will not trust you. Making your login page secure is the success of your website.

Credit: ClickSSL.com Blog

Largest Growth in EV SSL, Wildcard SSL and other certificates, which provide best security over the internet

Newark, Delaware. – February 28, 2012 – ClickSSL (http://www.clickssl.com) declares 200% of growth in their sales and plays starring role as Symantec Platinum Partner Company.

ClickSSL, one of the fastest well-known security provider, and expert in SSL security, today declares that it has given the highest boost in the selling of SSL Certificates (which you can see in the figure). Our highly trusted SSL Certificate (Symantec, GeoTrust,Thawteand RapidSSL) is being assumed at a more rapidly than the other leading SSL Providers.

In 2010, the figures says that sites that use SSL Technology from ClickSSL are grown up more than twice and succeeding years have observed largest growth of 200% – higher than other SSL Providers. These figures certainly indication of that growing records of site holders are recognizing the value of using SSL Certificate, and that many existing users (who uses  SSL Technology) come to a decision to switch to ClickSSL from their current provider to get benefit of ClickSSL.

Trust and security is essential when you are running online business. We are largest SSL Technology provider who secures thousands of ecommerce websites on the internet. Symantec is the most popular Certificate Authority that recognized as the symbol of trust, together we offer you wide range of trusted and affordable range of SSL certificate.

Our main goal is to provide the highest quality of products in the industry at the most cost effective price. We choose the best and most trusted Certificate Authorities and bring them to you at affordable price.

As a Platinum Partner of Symantec, ClickSSL surges 200 % of growth in the sales. This happens due to our fast and easy process of selection, installation and renewal, the best security level and 24×7 technical supports. Knowing and understanding the requirements of the customer and being able to fulfill them are the main earmark of ClickSSL. We also offers 30 days money back guarantee and another service offered by it is renewal reminder before expiry date of the certificate.

Now you will get free Trust^TM Seal with Seal-in-Search^TM and Daily Website Malware Scanning Security with the all Symantec SSL Certificates. With secured seal your visitors shows your identity verified by Symantec.

Connect with ClickSSL

• Follow ClickSSL on Twitter
• Join Facebook to connect with ClickSSL
• Join Google+ to connect with ClickSSL
• Subscribe to ClickSSL Blog’s RSS Feed

One Stop Security Solution – ClickSSL

ClickSSL is a leading in SSL Certificate Provider and Platinum Partner of leading Certificate Authority. We offer broad choice of SSL Certificates and website protection solution, including EV SSL, Wildcard SSL, SGC SSL, SAN SSL and Code Signing Certificates. We are hereby, offering you an outstanding opportunity to drive and establish site reliability by offering various security solutions that are important to any internet-based company. Let consumers know your site is secure with an SSL certificate from ClickSSL.

Credit: ClickSSL.com Blog

Secure E-Commerce Site, Hosting & Domain

Over the past 10 years, e-commerce has been one of the fastest growing segments of the retail industry. That may seem obvious to anyone who has ever shopped online, but the size and speed of the boom has been truly astounding. There are already hundreds of thousands of online stores around the World Wide Web, and according to some estimates, merchants open 20,000 new e-commerce storefronts every week.

•    Before You Start Creating Your Site

Build Your E-Commerce Dealing Plan. What are you selling? Who is your target market? How much money will you need to invest to get your e-commerce business off the ground? Do you want to incorporate or operate as a sole proprietorship? These questions may seem like no-brainers, but it is worth taking some time to sit down and map out a strategy.

Depending on the size and complexity of your business, this could take anywhere from a day or two to several months.

•    Learn the language(s) of the web

HTML, PHP, ASP, SQL, CSS, AJAX — today’s internet encompasses an alphabet soup of different programming codes and tools. While you do not need to be an expert in any of them to create a web site on your own, you should at least familiarize yourself with these technologies. There are a wide range of resources available at your local library, bookstore, and of course online. The World Wide Web Consortium is a great place to start.

•    Jumpstarting Your Site Design with Free Templates

Even if you decide to create a DIY web site, you do not need to start with a blank slate. There are wide varieties of free HTML templates that you can tweak to meet your needs available at sites such as 4templates.com or freewebtemplates.com. Before you start re-coding, however, be sure that the designer really has given permission for others to use and change the look of the template.

•    Is Free Web Hosting Right for You?

It is often said that the best things in life are free, but when it comes to web hosting, this may not be the case. If you are running an e-commerce site, a free hosting provider may not give you the reliability or features you need to keep your customers happy. Before you decide on a host, be sure it offers the bandwidth to support all of the traffic to your site and meets your needs for guaranteed uptime.

•    Don’t Forget to Register Your Domain Name

Before you can host your web site anywhere, you will need a domain name. Pick something that your customers will find easy to remember, but try to avoid plays on words and other phrases that are not search engine-friendly. For example, if you have a business selling cat toys, CatToyOutlet.com is better than PurrfectlyPerfectToys.com.

Also, remember to complete your metadata fields with relevant content and to submit your site to the Open Directory Project, Google, Yahoo, Bing, and other popular search engines so your customers can find you.

•    More Bits Mean More Protection

When you begin to research SSL certificate, you will notice that different certificates may offer different levels of encryption measured in bits. Usually, certificates range from 40-bit to 256-bit encryption. As you might have guessed, 256-bit encryption is the strongest, but just how strong is it? To give you some idea, 128-bit encryption can calculate 288 times as many combinations as 40-bit encryption, making it over a trillion times a trillion times stronger. That means it would take a hacker a trillion years to break into a session protected by a 128-bit SSL certificate, and even longer to hack into a session secured with 256-bit encryption.

When you are comparing CAs, also check to see if they are using 2048-bit roots that support up to 256-bit encryption. This means that the CA follows the latest recommendations developed by the Certificate Authority Browser Forum—an industry oversight organization—to help ensure that SSL certificates are as strong as they can be.

Credit: ClickSSL.com Blog

Today, you cannot turn on the TV, take newspapers, browsing your much loved news sites, or browse over the magazine without learning about the latest safety threats disrupt online business and clients. The disclosure last month of a most credit card companies, that more than 40 million cards can prove that the leading financial institutions themselves are not protected from the risk of threat would have endangered. Obviously, it is more important than ever to secure your web shop window, to keep the personal data of your consumers and ultimately protect your profits! As the owner of online store, one of the simplest and most responsible to do what you can to ensure the data submitted via your website, the Secure Socket Layer or SSL is implemented.

Secure your Online Store with SSL Certificate

When you are purchase anything online, security has been big question, where involving money. For website security is an important question for online transactions, as consumers, will always try to give full security assurance before online purchasing or payment for products or services on the Internet. Therefore, you must make sure that you are in the “safe hand” and right in front of your transaction only if it expends an SSL Certificate.

SSL, in order to save

SSL protocol permits client/server requests developed in a way to communicate to prevent snooping, tampering and forgery. SSL secures network access, internet communication and digital connections through the secure control between the server and the user. With SSL Certificate, the information from your online store (e.g. via web forms) will be transmitted ahead of it is send encrypted over the Internet.

When you fix to secure Web server as https://www.yourdomain.com/ to the server to the web browser authenticates by presenting a “digital certificate”. A digital certificate is an electronic folder exclusively recognizes persons and servers. Digital Certificates allow the customer (i.e. web browser) to validate the server before the encrypted SSL session. Usually, digital certificate desires reviewed and approved by a self-governing third party and trusted to make sure its validity. The Certificate Authority displays on SSL Certificate as “digital sign”. Well-known Certificate Authority likes VeriSign, GeoTrust, Thawte and RapidSSL. Digital Signed Certificate increases the consumer assurance, they experience that site is secure and it is on the right hand.

Increase the customer’s confidence

SSL certificates can provide you with non-forgeable proof of your website’s identity, and customer confidence in the integrity and security of your online business. Purchase SSL Certificate with strong 256-bit encryption to secure your web sites, ecommerce, exchange, intranets and extranets.

Without SSL Certificate, the web site information is transmitted in a “plain text”. It is basically an open invite to hackers, script kiddies and do other harm to the public use “packet sniffing” software, to collect information during transmission.

Customers are gradually most worried about the benefits of SSL security and will not purchase from online store, which have not implemented Digital SSL Certificates. All the major Internet retailers now use SSL security to give confidence your customers to online deals.

Unfortunately, all reliable e-commerce online store owners, the best opportunity to secure your website (e.g. checkout securely via https://) by a Digital SSL Certificate.

Wildcard SSL supply the same powerful 256-bit encryption that secures unlimited subdomains (so *.domain.com be protected). This is ideal for multi-language online store or multi-currency into several sub-areas. Moreover, the Wildcard SSL gives complete overview of your identity, and the added confidence of visitors.

EV SSL, Extended Validation Certificate is the advance technology, which triggers the green address bar in the most web browser on a secure website gives additional level of consumer confidence. EV SSL Certificate includes a dynamic seal that shows the company name, address and date of expiration. If trust is the vital for your site, the EV SSL is the best choice for your ecommerce business.

Credit: ClickSSL.com Blog

When you see the in address bar, URL with https:// prefix means that website is having SSL Certificate and communication between you and web would be safe. HTTPS is used to transmit the sensitive information securely over the Internet. The question is How encrypts the data in HTTPS?

We need key to lock or unlock the door. Same way SSL (secure socket layer) Certificate needs keys to lock and unlock the data.

SSL consists of two keys.

• The Public Key is used to encrypt the information.
• The Private Key is used to decrypt the information and translate it in to original format so it can be read.

How does it work? :-

The SSL certificate is issued for a specific server and the domain name. SSL certificates are delivers by Certificate Authorities.  When a person uses any browser to navigate the website having SSL certificate than SSL handshake takes place between browser and server. First, the browser requests that the web server identify it, the server sends a copy of its SSL certificate. Then the browser will check whether it is valid or not if yes than sends a message to the server. After that, the server sends back a digital certificate to start the SSL encrypted session. Only encrypted data is shared between the server and a browser.

The encryption uses a private/public key pair to make sure that the data can be encrypted by one key but can only be decrypted by the other key pair. The keys are similar in nature but used alternatively. The key pair is based on prime numbers and their length in terms of bits ensures the difficulty of being able to decrypt the message without the key pairs. The logic in a key pair is to keep one key secret (the private key) and to distribute the other key (the public key) to everybody. Anybody can send you an encrypted message that only you will be able to decrypt. Only you have the other key pair.

In the opposite, you can certify that a message is only coming from you, because you have encrypted it with you private key, and only the associated public key will decrypt it correctly. Beware, in this case, the message is not secured you have only signed it. Everybody has the public key.

Credit: ClickSSL.com Blog

To earn trust, you need an easy, reliable way to show customers that not only are their transactions secure, but that you are a legitimate business and you are whom you say you are. To meet this need, security vendors and Internet browsers have combined forces to establish the Extended Validation (EV SSL) standard, the first fundamental change in the world’s secure e-commerce backbone in more than ten years.

Besides turning green, the browser also displays the name of the organization listed in the certificate (for example, your company). Implementation details vary somewhat from browser to browser.

The browser and the security vendor control the display to deter phishes and counterfeiters from hijacking your brand and your customers. Fraudsters are becoming adept at mimicking almost everything about a Web site, but without the legitimate company’s EV SSL Certificate there is no way they can display its name on the address bar because the information shown there is outside of their control. In addition, they cannot obtain the legitimate company’s EV SSL Certificates because of the stringent authentication process.

Why is EV so comforting to consumers?

• Online customers can look at the visual display of the certificate owner’s name on the address bar to make sure the site is indeed authored by the intended source and not an imposter.
• CAs conduct additional levels of validation of organizations’ legitimacy and authenticity before issuing them EV certificates as described above to keep fraudsters from posing as legitimate Internet businesses.
• The CAs themselves must satisfy more rigorous criteria in order to be eligible to issue EV SSL Certificates. They must pass regular third-party Web Trust audits confirming that they meet the requirements set out in the standards of the CA/Browser Forum, a consortium of CAs and browser suppliers. This essentially eliminates chances of a feeble background check that sets an imposter loose with EV. With EV, customers do not have to question whether the organization was properly vetted or not.
• The color change to green appears to have a soothing psychological effect on consumers. Even customers who are not familiar with the “real” reasons why EV protects them better are more inclined to convert to sales and buy more per sale if they see a green bar.

For organizations with a high profile brand, using EV SSL Certificates has established to be an efficient security against phishing frauds. For any online dealing, using Cheap SSL Certificate with EV may have a big affect on the base line. EV SSL customers have experienced large increases in web site transactions.

Credit: ClickSSL.com Blog

The Internet has been a revolution to commerce and the transfer of data in general, which has developed new global business opportunities for all, including major enterprises, small to medium sized businesses and individuals alike. However e-commerce has inevitably attracted crime and developed a new breed of online criminals ranging from fraudsters and hackers to cyber terrorists. The growing concerns associated with conducting e-commerce have now resulted in the fact that security is an essential factor for online business success.

The market is now educated in the basics of online security and the majority of online users now expect security to be integrated into any online service they use and as a result they expect any details they provide via the Internet to remain confidential and secure.

This white paper explains how SSL can be utilized as the core security technology to protect customer’s online transactions and informs users that the security of the online business is being taken seriously. In fact, SSL provides proof of a digital identity and allows online customers to visibly see that their digital transaction will be confidential. These are essential factors in gaining customer confidence and remove the concerns and risks associated with sending sensitive data over the Internet.

SSL Certificate is essential to allow the true benefits of the Internet to be realized. SSL (Secure Sockets Layer) is a security technology that is commonly used for encrypting communications between users and e-commerce websites, thereby securing server to browser transactions. The SSL protocol utilizes encryption to prevent eavesdropping and tampering of the transmitted data, and is used to secure information passed by a browser (such as a customer’s credit card number or password) to a webserver (such as an online store).

SSL protects data submitted over the Internet from being intercepted and viewed by unintended recipients and as used by hundreds of thousands of websites in the protection of their online transactions with their customers, SSL is the de-facto industry standard Internet transaction security technology.

How do website visitors know if a website is using SSL?

When a website visitor connects to a webserver using SSL they will see that the URL in the address bar begins with https:// rather than the usual http:// and also a small gold padlock will appear in their browser, e.g.

As seen by users of Internet Explorer

Whenever a browser connects to a webserver (website) over https:// – this signifies that the communication will be encrypted and secure. The actual complexities of the SSL protocol remain invisible to the end customer.

In summary, SSL Certificate is the de facto web transaction security technology. Web servers have been built to support it and web browsers have been built to use it. SSL provides the ability to secure customers transactions transparently without the customer having to do a thing!

Credit: ClickSSL.com Blog