Password is not encrypted

  • 20
  • Problem
  • Updated 6 years ago
  • In Progress
The Instagram iPhone app is sending the password in plain text. It must use SSL. Also, the web server must enable HTTPS to encrypt login credentials.

nightraven

  • 4 Posts
  • 1 Reply Like
  • anxious

Posted 6 years ago


whiteout box

  • 11 Posts
  • 1 Reply Like
SSL is a must.

Nathanael Abbotts

  • 1 Post
  • 0 Reply Likes
SSL has been broken - TLS is a must, if you want to be secure.

Zain

  • 1 Post
  • 0 Reply Likes
In what world has SSL been broken?

Kevin Systrom

  • 56 Posts
  • 42 Reply Likes
Hey Everyone,

We've been hard at work for the last couple of weeks on making our product secure & safe. Security is a huge priority for this release. A fix has been submitted to Apple and should be available shortly. If you have any questions, you should feel free to email me personally at kevin@instagr.am

Kevin
CEO & Cofounder

nightraven

  • 4 Posts
  • 1 Reply Like
The iPhone app was fixed, but the web site is not. It still takes users to the insecure, not-encrypted login page. http://instagr.am/accounts/edit/

By replacing "http" with "https", you can go to the secure, SSL-encrypted login page. Instagram only needs to fix the link to the login page. There are 3 places to be fixed, as far as I can find. I notified Kevin of this via email, but nothing has changed yet.
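
A check for the problem described in the post above, as an added example that is not part of the original thread or Instagram's code: it flags account-page links and password forms that resolve to plain http. The host `example.test`, the `/accounts/login/` path and the sample markup are constructed assumptions; only the `/accounts/edit/` path comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup, not Instagram's real page; /accounts/login/ is assumed.
SAMPLE_HTML = """
<a href="http://example.test/accounts/edit/">Edit profile</a>
<a href="https://example.test/accounts/edit/">Edit profile</a>
<a href="/about/">About</a>
<form action="/accounts/login/" method="post">
  <input type="text" name="username"><input type="password" name="password">
</form>
<form action="https://example.test/accounts/login/" method="post">
  <input type="password" name="password">
</form>
"""

class CleartextLoginAudit(HTMLParser):
    """Flag account links and password forms whose target resolves to http://."""
    def __init__(self, page_url, sensitive_prefix="/accounts/"):
        super().__init__()
        self.page_url, self.sensitive_prefix = page_url, sensitive_prefix
        self.findings = []  # (kind, absolute URL)
        self._action, self._has_password = None, False  # form being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            url = urljoin(self.page_url, a["href"])
            parts = urlsplit(url)
            if parts.scheme == "http" and parts.path.startswith(self.sensitive_prefix):
                self.findings.append(("link", url))
        elif tag == "form":
            # A form without an action submits to the page's own URL.
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password and urlsplit(self._action).scheme == "http":
                self.findings.append(("password-form", self._action))
            self._action = None

def audit(html, page_url):
    parser = CleartextLoginAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Relative form actions inherit the scheme of the page that serves them, so the same markup produces different findings depending on whether `page_url` is http or https.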

Mike Krieger

  • 22 Posts
  • 12 Reply Likes
Hi nightraven, the accounts page online should also be on SSL. Thanks!

tobias.ostensson

  • 2 Posts
  • 1 Reply Like
Version 1.0.4 was released on the App Store yesterday. It's a security update; most likely this solves the problem. Can anyone verify?

nightraven

  • 4 Posts
  • 1 Reply Like
I verified that Instagram 1.0.4 is using SSL during login. User/password is encrypted.

The About screen of the app says "v 1.9.5". Typo?

Mike Krieger

  • 22 Posts
  • 12 Reply Likes
We have an internal version (that's the 1.9.5) as well as an app store version (1.0.4). Hope that helps!

tobias.ostensson

  • 2 Posts
  • 1 Reply Like
Great, thanks. Strange typo; in the App Store it says version 1.0.4!

Mike Krieger

  • 22 Posts
  • 12 Reply Likes
As of version 1.0.4 (and all newer versions) we've gone to SSL & HTTPS for all transfers of login & credentials.