NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Why isn't ORBI Login Secure
I like the product but why is the browser login for Orbi insecure? (http://orbilogin.net/adv_index.htm). IF I change to HTPPS I get a different error. I don't use the phone app becasue I find t...
willemdh wrote:
HTTPS is really important and should also be enabled inside the network. otherwise the password used when logging in, can easily be sniffed by bad actors..
Please add this feature asap...
Done!
It works already. The ugly thing, however, is that Netgear has totally messed up the SSL Certificate on the Orbi line, so modern browsers like Chrome will complain, "The Cert is bad. Don't go there! Oh, no. The sky is falling."
Try it for yourself: https://orbilogin.net. Just ignore the warnings and proceed to the Orbi Home Page. Works great!
Maybe I don't understand, but why are we concerned about a secure ORBI login?
I login with my home browser to my home router...??
All the communications and editing is done on my side of the router.
Hi Jim,
Good question and I can see the confusion. The simple answer is your data is not encrypted between your router and connecting to the Orbi web page. This means someone could see your login credentials. This doesn't mean anyone can view your credentails. Folks need to know how to peak into this data. But come January, you'll see more browsers discourage this type of login for security reasons.
I think the simplest visual representation I've seen is from Distilled. This is a slideshare deck but you don't need to read it all. Start at slide 13 and you can go through to slide 18.
In my mind, the lack of HTTPS is shocking these days especially when the hardware is so critical to our web security. And it's a lot easier to get certificates these days.
This issue prevents me from recommending the product to others. And I'm sure many enterprise security people who have to deal with executive hardware installations would discourage for this reason.
My guess is the Orbi app makes a secure connection, but I don't use it for other reasons.
Thanks
I always thought the Orbi web(?) webpage actually resides on the router, there is no external passage.
prodport wrote:Hi Jim,
Good question and I can see the confusion. The simple answer is your data is not encrypted between your router and connecting to the Orbi web page. This means someone could see your login credentials. This doesn't mean anyone can view your credentails. Folks need to know how to peak into this data. But come January, you'll see more browsers discourage this type of login for security reasons.
I think the simplest visual representation I've seen is from Distilled. This is a slideshare deck but you don't need to read it all. Start at slide 13 and you can go through to slide 18.
In my mind, the lack of HTTPS is shocking these days especially when the hardware is so critical to our web security. And it's a lot easier to get certificates these days.
This issue prevents me from recommending the product to others. And I'm sure many enterprise security people who have to deal with executive hardware installations would discourage for this reason.
My guess is the Orbi app makes a secure connection, but I don't use it for other reasons.