This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Secure login issues with connect.garmin.com

Former Member over 10 years ago

This is more of an FYI. I wouldn't doubt if someone's brought this up before but I noticed that the login site to connect.garmin.com is not secure.
1.) It does not redirect to the https page.
The URL is:
http://connect.garmin.com/en-US/signin
Internet browsers are unable to verify that this login is secure.
2.) You can manually change it to:
https://connect.garmin.com/en-US/signin
But the https page doesn't display the login prompt.

I'm also confused as to why forums.garmin.com uses https but the login for connect.garmin.com does not.

In the mean time, for anyone concerned about security, you can actually login securely by logging into forums.garmin.com first and then going to the connect.garmin.com site.

Also, displaying the TRUSTe Certified Privacy logo on the page means very little if a browser cannot verify that the page is secure. Anybody can replicate this logo and post it on their website, secure or not.

0 Former Member over 10 years ago

Hey Mr Jim. If you'll inspect the source for the http connect signin page you'll see that the login box is actually an iframe calling a https page.

<iframe ..... id="gauth-widget-frame" src="sso.garmin.com/.../iframe>

You're right that it doesn't display the SSL verification icon for garmin.com in the browser, which does make it less transparent that the login is actually being encrypted, but that doesn't mean it's not performing a secure login.

0 Former Member over 10 years ago

mesome,

Thanks for the reply. It's good to know that the login iframe is secure. I didn't think to inspect the source.