https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108830#M24562 <P>Hi <a href="https://community.talktalk.co.uk/t5/user/viewprofilepage/user-id/46686">@Gliwmaeden2</a>&nbsp;that's because it is an http rather than HTTPS connection and nothing to worry about</P> <P>&nbsp;</P> Fri, 25 Apr 2025 07:00:54 GMT Divsec 2025-04-25T07:00:54Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108816#M24561 <P>When checking which version of Hub2 firmware I currently have, the address for logging into the router has a black triangle flag:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="20250424_215938.jpg" style="width: 1080px;"><img src="https://community.talktalk.co.uk/t5/image/serverpage/image-id/74578iB4CCE5ACB62E009B/image-size/medium?v=v2&amp;px=400" role="button" title="20250424_215938.jpg" alt="20250424_215938.jpg" /></span></P> <P> </P> <P>The message indicates it is less risky at home, but the general implication is that it's not secure. I am trying to use it at home.</P> <P>&nbsp;</P> <P>This didn't happen when I checked the firmware version a few weeks ago.</P> <P>&nbsp;</P> <P>What's going on with it?</P> Thu, 24 Apr 2025 21:35:13 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108816#M24561 Gliwmaeden2 2025-04-24T21:35:13Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108830#M24562 <P>Hi <a href="https://community.talktalk.co.uk/t5/user/viewprofilepage/user-id/46686">@Gliwmaeden2</a>&nbsp;that's because it is an http rather than HTTPS connection and nothing to worry about</P> <P>&nbsp;</P> Fri, 25 Apr 2025 07:00:54 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108830#M24562 Divsec 2025-04-25T07:00:54Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108832#M24563 <P>Yes - it's probably Chrome flagging it up for that reason and normally it could matter in connection with other websites, as a warning.&nbsp;</P> <P>&nbsp;</P> <P>But nobody's going to be logging into that address unless they are already at home, so the alert is superfluous.&nbsp;</P> <P>&nbsp;</P> <P>Though it does still beg the question, why doesn't Talktalk use https for this, and why didn't the alert show last time?</P> <P>&nbsp;</P> <P>A few weeks ago I got into the router log in with none of these alerts, using the same browser, same devices.&nbsp;</P> Fri, 25 Apr 2025 07:35:45 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3108832#M24563 Gliwmaeden2 2025-04-25T07:35:45Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109093#M24565 <P><a href="https://community.talktalk.co.uk/t5/user/viewprofilepage/user-id/101273">@KeithFrench</a>, have you got any thoughts on this, as I don't think the previous reply got to the bottom of things?</P> <P>&nbsp;</P> <P>When I log in now, as expected, the warning triangle is still there, but not the warning message that I posted in my first post.</P> <P>&nbsp;</P> <P>So it's back to normal.&nbsp;</P> <P>&nbsp;</P> <P>Why would I usually not see that warning message, and then suddenly see it flagging up the issue, then back to normal despite still being triangled in the browser address?</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 27 Apr 2025 13:50:18 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109093#M24565 Gliwmaeden2 2025-04-27T13:50:18Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109096#M24566 <P>Hi&nbsp;<a href="https://community.talktalk.co.uk/t5/user/viewprofilepage/user-id/46686">@Gliwmaeden2</a>&nbsp;</P> <P>&nbsp;</P> <P><a href="https://community.talktalk.co.uk/t5/user/viewprofilepage/user-id/252734">@Divsec</a>&nbsp;is 100% correct on this. HTTP is not encrypted, whereas HTTPS is. Logging into a TalkTalk router can only be done from the local network; connection attempts coming into the router via its WAN interface are blocked. Unless someone is connected to your network and is using Wireshark with specialist hardware, your connection to the router is classed as secure enough. Your browser should give you an override along the lines of "I trust this connection, please allow it".</P> Sun, 27 Apr 2025 14:16:31 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109096#M24566 KeithFrench 2025-04-27T14:16:31Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109097#M24567 <P>The point is it doesn't give me the override message, only the option, exactly as in the original image I posted, to "continue to site".</P> <P>&nbsp;</P> <P>What has not been answered:</P> <P>&nbsp;</P> <P>Why would I get this message <STRONG>as a one off</STRONG>? It usually doesn't show.</P> <P>&nbsp;</P> <P>If it actually mattered it would show every time.&nbsp;</P> <P>&nbsp;</P> <P>I was already informed that it's http rather than https <EM>in the image I posted</EM> where it recommends contacting the site owner to upgrade it. So that is not the mystery.&nbsp;</P> <P>&nbsp;</P> <P>I am only ever trying to log in at home.&nbsp; It's an alarming message if it shows, when nothing has been altered at my end.</P> <P>&nbsp;</P> <P>So the only question that needs answering is why did the message in the image I posted show up at all, ever?&nbsp;</P> <P>&nbsp;</P> <P>And perhaps Talktalk could explain why they don't use https?</P> Sun, 27 Apr 2025 14:36:44 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109097#M24567 Gliwmaeden2 2025-04-27T14:36:44Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109098#M24568 <P>TalkTalk have never implemented HTTPS in their routers for this purpose, probably because of cost. Everything else you ask is down to your browser.</P> Sun, 27 Apr 2025 14:46:18 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109098#M24568 KeithFrench 2025-04-27T14:46:18Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109103#M24569 <P>Thanks, that's a little clearer now! <span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span></P> Sun, 27 Apr 2025 15:45:34 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109103#M24569 Gliwmaeden2 2025-04-27T15:45:34Z https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109798#M24577 <P>Bit late to the party. But excellent topic and discussion,&nbsp;<a href="https://community.talktalk.co.uk/t5/user/viewprofilepage/user-id/46686">@Gliwmaeden2</a>&nbsp;</P><P>I agree with you, that it doesn't make a lot of sense.</P><P>&nbsp;</P><P>By definition, 192.168.1.1 is a device within a private network, not within a public network.</P><P>By definition, messages between http:// 192.168.1.1/ are unsecure in the sense that they are unencrypted.</P><P>But they are secure in the sense that the owner of the private network trusts all devices and users within the private network.</P><P>One would think that Google Chrome would know that and not be so alarming, especially the fact that this is a private network.</P><P>I think other programs, including Windows, get confused, whether a private network, is or is not, private.</P><P>&nbsp;</P><P>I think that what happens, is that when a user logs into the router for the first time, after Chrome gives that warning (meaning that messages are&nbsp; unencrypted), Chrome saves that fact somewhere in cache (whatever and wherever that is) that you have given permission, and won't bother you again. It will only bother you again, if somehow that record in the cache is lost.</P><P>&nbsp;</P><P>Anyhow, this is my view.</P><P>&nbsp;</P><P>Bill</P><P>&nbsp;</P> Sun, 04 May 2025 11:36:37 GMT https://community.talktalk.co.uk/t5/Security/Logging-into-the-router/m-p/3109798#M24577 Billx 2025-05-04T11:36:37Z