Monday, September 15, 2008

Signed up for epost

I recently signed up for epost from Canada Post. My employer uses Ceridian for payroll. They often mention paperless paystubs are available. So I decided to try it out instead of the traditional paper paystubs.

It was fairly easy to get signed up. So I'll see how it goes with the first couple of paycheques. Some of my coworkers use it and they said it was pretty good. It's good to go paperless and help the environment.

A few other bills I get are available on epost too so if it goes well with the paystubs I'll go with epost paperless billing for them as well.

Canada Post did a pretty good job with epost. It does have a slightly clunky feel, not quite as "smooth" as say the President's Choice web banking site or etrade. Still not too bad so far. Althought it's available I don't plan to use it for bill payment, just presentation. I like to use President's Choice banking for my bill payments.

There is one surprising glitch on their site, an example of the clunkiness I guess. On the front page it lets you sign in. However the page is not an HTTPS page; no padlock. I was shocked when I first saw it since it appears your login creds are sent in the clear without encryption.

I did a view source on the epost main HTTP page and I saw that the login form does indeed post to a secure HTTPS site. Still if a site has sensitive personal information on it [like epost], or is backed by real money [like President's Choice banking, etrade, or epost again] then I expect to see https and the padlock on the login page.

What percentage of epost users are capable of doing a view source on the landing page and checking if the login form is posting to a secure HTTPS site? Probably less than 5%. The other 95% should be wondering where the padlock is on login. epost has been around several years and I'm surprised they've missed this all this time.

There is a workaround to it. From the main page just click sign-in, leaving the username and password empty. The result page is HTTPS and has the padlock so that gives the user a much more secure feeling.

No comments: