Site security


I was wondering.

We all know C2 once got hacked and we were asked to change our login. How about site security today? I still don’t see and “https” or “a lock in the down right corner”.

When checking C2 away from home then closing my laptop going into hibernate opening again at home I’m logged in right away again (still logged in). No time out…

I didn’t know about it getting hacked. I can say that I get logged out often and it’s annoying. What’s even more annoying is having to read a risk disclosure popup 10 times a day. Can’t we set some cookies for that thing?

We force you to use https for things like credit card transactions. You can optionally use it whenever you like by accessing the site through https://

Our general feeling is that customers regard C2 as an integral platform that is part of their everyday work, many times a day, and thus we allow users to stay logged in for up to 8 hours or so. Users should be thoughtful about this and should log out explicitly when using shared computers or when traveling with laptops.

Even in cases where users are logged in, we require users to re-submit their passwords to access credit card information.



Yes the pop-up warnings are very annoying, but our regulators consider them important. Thus we must leave them in place.


thanks Matthew!