All sensitive data, such as passwords, logins or credit card numbers, should be sent over an encrypted channel between the client and the server. This protects the user from a man-in-the-middle attack, in which the attacker sits in the communication path between the user and the network they are currently using. The attacker has access to all information transmitted by the victim and, when the data is unencrypted, can intercept, modify or destroy it. Appropriate safeguards are therefore required to protect the transmitted data. The information administrator should decide for himself or herself what type of protection to apply. This can be the SSL/TLS data encryption protocol, or another cryptographic protection measure, such as email encryption with the recipient's public key. The image below shows a captured unencrypted packet containing credentials, as displayed in a network traffic eavesdropping program.
Figure. A captured unencrypted packet containing credentials. Source: [Own study]
In one of the applications tested, communication with the server used HTTP, which is not encrypted. All data transmitted over such a channel can be intercepted and modified in transit. The graphic below shows Firefox's message that the connection is not encrypted.
Figure. Firefox message indicating that the connection is not encrypted. Source: [Own study]
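The finding above can be checked for automatically during a review. The following is an added example, not code from the original study: it parses a page's HTML and reports every form that would submit a password, login or card field to a target that is not HTTPS. The sample page, the host names and the list of sensitive field names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: substrings and autocomplete tokens that mark a field as sensitive.
SENSITIVE_NAMES = ("pass", "pwd", "login", "user", "card", "cvv")
SENSITIVE_AUTOCOMPLETE = ("cc-number", "cc-csc", "current-password", "new-password")

# Constructed sample page (not taken from the tested application).
SAMPLE_URL = "http://app.example/account/login"
SAMPLE_HTML = """
<form action="/account/auth" method="post">
  <input name="login"><input type="password" name="password">
</form>
<form action="https://pay.example/charge" method="post">
  <input name="card_number" autocomplete="cc-number">
</form>
<form action="/search"><input name="q"></form>
"""


class FormAuditor(HTMLParser):
    """Records each form's resolved target and its sensitive input names."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action", ""))
            self._current = {"target": target, "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = a.get("name", "").lower()
            if (a.get("type", "").lower() == "password"
                    or a.get("autocomplete", "").lower() in SENSITIVE_AUTOCOMPLETE
                    or any(s in name for s in SENSITIVE_NAMES)):
                self._current["fields"].append(name or "password")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_cleartext_forms(page_url, html):
    """Return (target, fields) for forms that send sensitive fields without TLS."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    return [(f["target"], f["fields"]) for f in auditor.forms
            if f["fields"] and urlparse(f["target"]).scheme != "https"]
```

A form on an HTTP page that posts to an HTTPS target passes this check, yet the page itself can still be modified in transit, so the page carrying the form should be served over HTTPS as well.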