Note #18572

Hey @LloydsBank! 2009 called and asked if you’re done sending your customers links to unencrypted HTTP endpoints yet. How do you feel about switching this to a HTTPS link rather than relying on an interceptable/injectable HTTP request?

Text message: "Follow this link to download your free Lloyds Bank Mobile Banking app. http://www.lloydsbank.com/mobileapp"

×

2 comments

  1. @LloydsBank They don’t even have HSTS set up: https://t.co/Hndp6eGewd

    1. Dan Q Dan Q says:

      They have it on HTTPS, and always redirect to HTTPS, so they’re half-trying.

Reply here

Your email address will not be published. Required fields are marked *

Reply on your own site

Reply by email

I'd love to hear what you think. Send an email to b18572@danq.me; be sure to let me know if you're happy for your comment to appear on the Web!