Secure logins
Closed this issue · 1 comments
echarrod commented
When I log into the site, my username and password are transmitted in plaintext, non-securely.
The site should either:
- Obtain an HTTPS certificate so that passwords can't be intercepted
- Encrypt the passwords on the client side before being transmitted.
The first would be a much better solution, and it will also harm user trust and search rankings if this is not fixed. The second would be a possible alternative, and even an added bonus if no. 1 is also implemented.
backface commented
Thanks for the pointer. It seems you used turtlestitch.org via HTTP and not via HTTPS, which is also available.
I finally recognize, however, that it might not be a good idea to leave this choice up to the user, and the site is redirecting/forcing use of HTTPS now.
In addition, I changed the login request to be sent via POST so it also does not show up in our server logs anymore.
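
The log-exposure point raised in the last comment is that a login sent as GET puts the credentials in the request line that access logs record, while a POST body is not logged. The script below is an added example, not part of the original thread or the site's code: it scans access-log lines for credential parameters in query strings and redacts them. The parameter names, the `/login` path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed names of credential-bearing parameters; adjust to the application.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token"}

# Request portion of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_line(line):
    """Return (redacted_line, leaked_param_names) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    leaked, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            leaked.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not leaked:
        return line, []
    safe_target = parts._replace(query=urlencode(pairs)).geturl()
    return line[:m.start("target")] + safe_target + line[m.end("target"):], leaked

def audit(lines):
    """Redact every line and list (line_number, method, leaked params)."""
    findings, cleaned = [], []
    for number, line in enumerate(lines, 1):
        safe, leaked = redact_line(line)
        cleaned.append(safe)
        if leaked:
            method = REQUEST_RE.search(line).group("method")
            findings.append((number, method, leaked))
    return cleaned, findings

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET /login?username=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2020:10:05:00 +0000] "POST /login HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2020:10:06:00 +0000] "GET /projects?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    cleaned, findings = audit(SAMPLE_LOG)
    for number, method, leaked in findings:
        print(f"line {number}: {method} request logged {leaked}")
    print("\n".join(cleaned))
```

Log files written before a switch to POST still contain the old request lines, so the same scan applies to archived and rotated logs.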