-
AuthorPosts
-
November 19, 2015 at 7:36 pm #539189
http://www.onesourcebackground.com
We are a background check company. Our clients can order background checks via clicking on any of the Client Login buttons on our site. Please click on one of our Client Login buttons to see. The orders go through a vendor of ours that does all the automation. My question is in regards to the form that is displayed after clicking the Client Login button. The button is directed to a link and it opens a new window with a login form. I hate it. It looks nothing like our site, no branding, doesn’t match our other forms, etc. Here is the message from them regarding this:***BEGIN***
Vendor: The login prompt for the [Vendor] site comes directly from the web browser and as such is not modifiable by our software. That’s why it looks different from browser to browser. It’s not under our control. One advantage is that it fits well on mobile devices.One Source: Sorry if this seems silly, but would you be able to help me understand what is meant by the prompt comes directly from the web browser? Making it unable to be modified. I want to comprehend.
Vendor: Sure. It means that our application does not present the login window. We rely on the browser to do that, then supply the username and password to our application on each and every click. This is why you can’t insert your logo into this part of our application. It does not exist.
The alternative is to create a token based that is managed by the application. In that case, you do have something to modify. You’ll find proponents of both methods and they’ll fill the security blogs with their position papers. But, we prefer the simplicity of this approach. It ensures browser independence, and, code that does not exist cannot be hacked. Of course, we also recommend implementing enhanced security, with password expiration, PIN expiration and periodic password changes.
***END***Our competitors offer similar buttons that direct to a login page. Their login, aka form, displays their logos and other relevant information, i.e. links, to support contact information, etc. I want our login to look like one of our web pages. Since I do not know code, etc., does what our vendor say sound correct? Do you know if this is something that could be fixed with a custom plugin? Or would I just need some fun code?
November 20, 2015 at 5:07 pm #539771Hey jend_onesource!
As your vendor said, form that pops up is browsers native authentication form and cannot be modified. I believe that should be discussed between you and your vendor. You can also hire a freelance developer for alternative customization. Unfortunately, that would be way out of the scope of our support.
Best regards,
Yigit -
AuthorPosts
- You must be logged in to reply to this topic.