Using ProsePoint Express securely with SSL encryption

ProsePoint Express provides encryption for users who wish to access the service securely. To do so, just change the beginning of the web address in your browser's location bar from http:// to https://. This will switch to using SSL (secure sockets layer) for encryption.

For example, to visit the front page of ProsePoint securely, visit

https://www.prosepoint.net

To login securely, visit

https://www.prosepoint.net/login

In both cases, notice the https:// at the beginning of the link.

SSL is not an automatic feature of ProsePoint Express. If you wish to use it, you have to do so yourself.

Why use SSL encryption?

Normal web traffic using http:// is not encrypted. This means that if a person is able to eavesdrop on the communications between your browser and ProsePoint Express, they can see everything that you are doing.

Most of the time, this is nothing more than an intrusion of privacy, but there may be some security implications. For example, if you are entering your password during login, they may be able to sniff your password and then log into ProsePoint Express as you.

In practice, eavesdropping occurs rarely because there is so much traffic on the Internet all the time it's hard to pick out anything from the rest of the noise. However, it can happen, and if you are security conscious, you may choose to use SSL to prevent the possibility of this happening.

Why not use SSL encryption?

There is a downside to using SSL encryption. It takes time. Every browser request to the server needs to be encrypted and decrypted on both ends. If you use SSL with ProsePoint Express, you may find the site is somewhat slower. Exactly how slow depends on your Internet connection and where you are.

When to use SSL encryption?

We'll leave it to users to decide whether and when to use SSL encryption with ProsePoint Express. They are better placed to judge the trade-offs between security versus a slower website for their own situation.

One common pattern is to use SSL to login (https://www.prosepoint.net/login) and then change back to unencrypted web traffic (by replacing https:// with http://) afterwards. This provides the best of both worlds. The login password is encrypted and safe from prying eyes, but normal interactions are not slowed down by encryption.

Note: If you are using ProsePoint Express through an open WiFi, you should definitely use SSL all the time to protect yourself from Firesheep and similar attacks.