Bitcoin Forum
Topic: Forum should use secure https:// logins
coinage (OP)
June 23, 2011, 09:29:23 PM
 #1

I've enjoyed reading hundreds of posts here in recent months.  Now with the bitcoin security mess I realize I have important contributions to make, so I registered to post.

To start off right I registered with a long, complex password with all 4 character groups (lowercase, uppercase, numbers, symbols), which will be unique for this site.

Then I logged in ... under plaintext http: .

Huh?

It's time for all bitcoin-related sites to lock down their username/password registrations, logins, and password change pages, because we have seen more than anything else in my recent memory how aggressively people will collect user credentials on one site (MtGox) to try using them on other sites (MyBitcoin/Gmail/Tradehill/etc.) when money gathering is a motivating factor.

It's also time for anyone who registered here ages ago to consider whether they've reused their passwords elsewhere.


(There's probably no clear need for all pages on non-financial sites like this one to be run under SSL while logged in, since the overhead could be an issue.  But at least logins!)
JoelKatz
June 23, 2011, 09:44:17 PM
 #2


Quote from: coinage
(There's probably no clear need for all pages on non-financial sites like this one to be run under SSL while logged in, since the overhead could be an issue.  But at least logins!)

Honestly, I see very little point in encrypting login pages if you immediately switch to insecure access. Sure, someone can't get the password, but they don't need it.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
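
The reply above says an eavesdropper does not need the password once the site drops back to plain HTTP. In a typical web application that is because each later request is authenticated by a session cookie, which travels in clear text on http:// pages. The following is an added example, not part of any post in this thread: it audits the headers of a login response for that exposure, and the host name, cookie name and header values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample headers (not captured from any real site): the reply to an
# HTTPS login POST on a site that then returns the user to plain HTTP.
LOGIN_ONLY_TLS = [
    ("Set-Cookie", "SESSIONID=constructed123; Path=/; HttpOnly"),
    ("Location", "http://forum.example/index.php"),
]
# Constructed sample: the same reply from a site that stays on HTTPS.
ALL_TLS = [
    ("Set-Cookie", "SESSIONID=constructed123; Path=/; Secure; HttpOnly"),
    ("Location", "https://forum.example/index.php"),
    ("Strict-Transport-Security", "max-age=31536000"),
]

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    return first.split("=", 1)[0], {a.split("=", 1)[0].lower() for a in attrs if a}

def audit_login_response(headers):
    """List the ways a login response leaves the session readable on the wire."""
    findings = []
    seen = {name.lower() for name, _ in headers}
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {cookie} lacks Secure, so it is sent over http:// too")
        elif key == "location" and urlsplit(value).scheme == "http":
            findings.append(f"redirect to {value} leaves TLS right after login")
    if "strict-transport-security" not in seen:
        findings.append("no Strict-Transport-Security, so later visits may start over http://")
    return findings

if __name__ == "__main__":
    for label, headers in (("login-only TLS", LOGIN_ONLY_TLS), ("TLS everywhere", ALL_TLS)):
        print(label, audit_login_response(headers) or "no findings")
```
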
unbanned
June 23, 2011, 10:28:44 PM
 #3

+ after all that has happened you shouldn't even be using the same email address across bitcoin related sites

passwords should all be different all the time anyway, if someone doesn't do this kind of basic security it's not the fault of the forum