📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Northern Delay Repay website - password field not encrypted?

Options
YummieGummie
YummieGummie Posts: 1 Newbie
in Public transport & cycling
I've made several claims and was about to make another one for a cancelled train when I realised that, when I type into the password field, it is not encrypted:



Has it always been this like? It's a secure connection (verified by Amazon apparently) and looks like the legit website but all other websites I've used that involve entering a password do not make it visible, so something also feels not quite right.

Comments

  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    You mean it is not masked, rather than not encrypted?

    As long as no one is looking over your shoulder it makes little difference as long as the transmission is encrypted. Just a bad UI design.
  • TadleyBaggie
    TadleyBaggie Posts: 6,637 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    It does appear to be poorly programmed, as said it is basic UI design that entered passwords are not displayed in clear text.
  • Emmia
    Emmia Posts: 5,668 Forumite
    Fifth Anniversary 1,000 Posts Photogenic Name Dropper
    If you're concerned, have you raised this with Northern to tell them?
  • DullGreyGuy
    DullGreyGuy Posts: 18,613 Forumite
    10,000 Posts Second Anniversary Name Dropper
    It's got nothing to do with encryption as others have said. 

    In the HTML they have defined the input box as a "Text" which means you can see what you've entered whereas passwords are normally defined as "Password" and so text is masked as blobs. These days there are lots of places that have a "show password" button/icon that toggles the input box's type so you can choose to see or mask the password. 

    The only difference it makes is to what you or anyone around you sees. Any key logger still gets your password, it's transmitted back to the server in the identical way irrespective if its "text" or "password". In principle you could set all the text inputs as passwords if you wanted but then people won't spot when they've mistyped their address etc.

    If you are only using the site in the privacy of your own home then there is little to worry about for you... if you often fill it in whilst on the train/platform then slightly more concern. 

    Flag it with them if you feel strongly, they may agree and change it or they may disagree and say its been done to support those with dexterity issues who may struggle typing passwords and so seeing what they've typed it helpful. With how IT tends to work it won't be cheap for them to change it even though it's literally just changing one word in the code. 
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture