|My browser always complains when I login that the connection is not encrypted, because LWM doesn't have a valid certificate for TLS.|
This means anyone between me and their server could steal my password, which is pretty lame.
Connection should be secured asap.
|Which browser are you using? I don't have any such issue. |
|Try updating certificates on your side. |
Sometimes, the verification goes wrong because of a mismatch between old data on your pc and data sent from the server.
|All you can do is not use LWM username/password on other sites. |
I use Firefox and it shows the same problem!
I'm using firefox.
But just checked on chrome and it also says it's not secure.
I also tried to renew certificates and it doesn't help, I'm pretty sure they don't have a valid certificate.
|whats the harm in it? playing for 8 years never got hacked |
|If somebody uses the same password as on email or other important things, it might be very dangerous for them. Passwords are not meant to be sent in plain text. |
|Its same for me because I use Firefox, however I have no such problem whilst using chrome. |
|I don't have the problem on Chrome, maybe some new security measure that FF has? |
On Chrome it doesn't jump into your eyes, but if you look next to the link (on the left) it says Not secure, which means every information you send to this server travels the internet in plain text so anyone who would be watching traffic on the route to the destination (heroeswm.ru) can see your account and password.
|The website is not served over https. Which means there is no encryption (so a certificate doesn't even make sense) for the traffic between us and the server. A 3rd party could observe all your communication in this game, including sensitive data like the password you are sending to the server or your private messages.|
They should however move on from http to https. In the future, modern browsers will not even allow you to use a login form (one containing a password field) unless the website is server over https with a valid certificate. The overhead of using https is no longer as big as it used to be, and neither are the costs.
As for not using the same password across multiple accounts, it is a good practice regardless of the whether the website is https or not.
|ParaLeul and DarkSooth are right. Unfortunately the connection to LWM has never been safe. To stay safe, make sure you never use your LWM password for anything else. |