How to Make a Secure Login Form with SSL at sslshopper.com
If you're a developer or you run your own website, a secure login form should be one of your main concerns, and SSL (Secure Sockets Layer) addresses it. SSL is a technology used to create an encrypted link between a web server and a browser so that no outsider can read the data passing between them. That is why most developers agree that if you are not using SSL to secure a web login form, nothing typed into it and sent between the browser and the web server remains private: your username and password could easily be captured.
That is why SSL is essential for protecting your website's login username, password, and everything that is downloaded or uploaded: it is designed to ensure that all data passed between the web server and browsers remains private.
The Risks of Having No SSL
The damage from not securing your website with SSL can be more than you imagine while reading this article. You are probably thinking that, without a secure login form, an attacker will get your username and password, hack your website, read your SEO techniques, buy products, transfer money, read email, and so on. Yes, because that is not an uphill task for an expert hacker. But the threat is greater than that. What will it be?
Because many people reuse the same password for most of their logins, sometimes for more than one website admin account and, more dangerously, sometimes for a bank account and for social accounts and pages such as Facebook, you can imagine how severe the possible damage is in this case.
Wrong Ways to Create a 'So-Called' Secure Login Form
One of the most common mistakes developers make with a 'secure login form' is not considering any threat and, consequently, not securing the login form at all, because many developers and account holders do not care whether someone learns their visitors' usernames and passwords. There are some techniques developers use to secure a login form, but they have common gaps. Let's discuss them.
How Not to Secure a Login Form with SSL
It is reasonable to expect that SSL adds processing load on a high-traffic website. So many developers serve the login form on an http page and have the form submit to an https page. This works to a degree, because the login information is encrypted when it is submitted. But there are some issues with this technique.
The user cannot tell whether the login information is going to be encrypted without studying the source code of the page.
Because the page that carries the form is itself delivered over http, an attacker can very easily change the form's action to another URL, and can also inject JavaScript code that sends the username and password to the attacker.
The best-known examples are the Facebook and Twitter login pages. An attacker simply targets the http page that carries the login form and can then phish the credentials. Moreover, there is even software available for this, such as SSLStrip; it does not take rocket science.
How to Create a Secure Login Form with SSL
Now that we have seen how not to make a secure login form with SSL, the question is how to make one. The one-line answer: simply make a separate login page. Many well-known websites have moved to a more secure login page by applying this and similar methods. When the user visits the login page, the site redirects the user to an https page instead of an http page, even though the homepage is http. Even if the user navigates to the http address, the system forwards the user to the https page.
In this case, the man in the middle (the attacker) is unable to phish, because the green bar is displayed. In short, there are two ways to create a safe and secure login form with Secure Sockets Layer.
- Make a separate login page that can only be accessed and submitted over https
- Always enforce https on the homepage, which makes it more secure
We hope this topic is helpful to you. If you have questions or suggestions in this regard, we'll be pleased to hear them in the comment box below.