About the game
News
Sign in
Register
Top Players
Forum
5:15
1358
 online
Authorization required
You are not logged in
   Forums-->Problems and errors (general)-->

No certificate



AuthorNo certificate
#4201ParaLeul
 1  2017-11-04 12:16:30
My browser always complains when I login that the connection is not encrypted, because LWM doesn't have a valid certificate for TLS.
This means anyone between me and their server could steal my password, which is pretty lame.
Connection should be secured asap.
#7490Meshy
 2  2017-11-04 22:29:00
Which browser are you using? I don't have any such issue.
guyb
 3  2017-11-04 22:54:52
Try updating certificates on your side.

Sometimes, the verification goes wrong because of a mismatch between old data on your pc and data sent from the server.
Divit
 4  2017-11-05 19:47:48
All you can do is not use LWM username/password on other sites.
Naturef
 5  2017-11-05 20:05:08
for ParaLeul:
I use Firefox and it shows the same problem!
#4201ParaLeul
 6  2017-11-06 14:32:19
for Meshy:
I'm using firefox.

But just checked on chrome and it also says it's not secure.

I also tried to renew certificates and it doesn't help, I'm pretty sure they don't have a valid certificate.
Fallen Atheros
 7  2017-11-06 14:49:11
whats the harm in it? playing for 8 years never got hacked
#4201ParaLeul
 8  2017-11-06 15:28:53
If somebody uses the same password as on email or other important things, it might be very dangerous for them. Passwords are not meant to be sent in plain text.
Ingenious
 9  2017-11-07 11:40:18
Its same for me because I use Firefox, however I have no such problem whilst using chrome.
#7490Meshy
 10  2017-11-08 11:55:49
I don't have the problem on Chrome, maybe some new security measure that FF has?
#4201ParaLeul
 11  2017-11-11 01:20:25
for Meshy:
On Chrome it doesn't jump into your eyes, but if you look next to the link (on the left) it says Not secure, which means every information you send to this server travels the internet in plain text so anyone who would be watching traffic on the route to the destination (heroeswm.ru) can see your account and password.
DarkSooth
 12  2017-11-12 14:02:23
The website is not served over https. Which means there is no encryption (so a certificate doesn't even make sense) for the traffic between us and the server. A 3rd party could observe all your communication in this game, including sensitive data like the password you are sending to the server or your private messages.

They should however move on from http to https. In the future, modern browsers will not even allow you to use a login form (one containing a password field) unless the website is server over https with a valid certificate. The overhead of using https is no longer as big as it used to be, and neither are the costs.

As for not using the same password across multiple accounts, it is a good practice regardless of the whether the website is https or not.
#4201Magier
 13  2017-11-15 21:24:02
ParaLeul and DarkSooth are right. Unfortunately the connection to LWM has never been safe. To stay safe, make sure you never use your LWM password for anything else.
Back to topics list
2008-2024, online games LordsWM