IsMyLoginSecure started life as a way to automate checking, across various websites, that the page linking to a login page was served over https and not http, to prevent man-in-the-middle attacks.
It all started in late 2017, when Liam Blizard noticed NatWest’s http pages were linking to their https login page. Then Troy Hunt, Scott Helme, many other people and I caused a lot of fuss and we got in the national press. Not that that was the intent.
I then spent some time manually curating a list of banks, and after that lists of many types of organisations holding financial or health data, and whether their login pages were secure against man-in-the-middle attacks.
This initial testing was done manually, but manual testing doesn’t scale and it’s error-prone. Therefore the next thing to do was to automate the testing. Liam and I intended to turn this into a website, but due to our work commitments this never happened.
Improvements
I’ve tidied the code up a bit, fixed some bugs, added colour coding of errors, sorting of results, documented things and improved the usability so that if anyone wants to use this to run simple tests on domains of their choice they can do that with the existing binary available from IsMyLoginSecure.
Open Source
The IsMyLoginSecure desktop demo was a side project at Software Verify and has been sitting on a development machine for years. I thought it better that someone may benefit from it, as neither of us will ever turn this into a product.
You can access the source code on GitHub.