From time to time the MLS department receives support request emails from members asking why websites are being shown as "not secure" in their browser, and what they should do to fix it. A typical warning in Safari looks like this, and other browsers will display something similar.
This looks like a pretty alarming message to get, and users are right to examine carefully the security messages that are displayed for them in their browsers. In this case however, what our members are experiencing is a case of mistaken URLs and not a security risk problem with our website or their computer's security. In the screenshot above let's take a look at what URL is being used:
What Safari is NOT showing the user here, is that this address has been entered as: "http://sfrealtors.com" which is an unsecured, Google Internet indexed, URL. In this case, it's probable that a domain name was typed into the browser's address bar at the top directly, or that a Google search result was used (instead of a bookmark). For fun, you can test this by typing the following URL into your browser right now: "http://example.com" and press enter in your browser, you will see the same type of warning page:
HTTP or HTTPS? What's the Difference?
The difference is that an unsecured HTTP website doesn't use any type of security or encryption. It's not necessarily harmful, or even a real problem (but it could be which is why your browser is warning you). In the above case, the unsecured view of the member site at http://sfrealtors.com (which Google has indexed) is not encrypted. The HTTPS address of our site(s) all are. Also in the above example, if you click on the login link...
... you are directed to a fully secured login page:
What Site URLs Should I Use?
There are two primary secure "entry points" for the SFREALTORs systems. One in from our member facing website:
https://my.sfrealtors.com and the second is from our secure MLS system login (the "Dashboard") which you can reach from https://dashboard.sfarmls.com. Creating bookmarks for the two entry points is your sure-fire way to never land on the unsecured pages.
What Can We DO About It?
We're working with our vendors to look at ways of doing permanent redirects for all possible typed or searched HTTP addresses to HTTPS and will also be evaluating how to make sure Googled results don't send members to unsecured addresses that exist somewhere in the search engines massive Internet cache. But until then, it's ALWAYS a good idea to make bookmarks to the secured, encrypted, webpages for sites you visit frequently.