Login page HTTP SSL security certificate

Started by colinstu, July 13, 2015, 04:35:11 PM

colinstu

Noticed that when logging in there's no encryption of any kind.
Any time you're logging in, we are transmitting our passwords cleartext.
In this day and age... that's quite a security concern (to me anyways).

I don't know who your host is, but SSL Comodo certs can be purchased pretty cheaply for namecheap customers (I'm one of them).


NE2

Use a password you don't use elsewhere if you're paranoid.
pre-1945 Florida route log

I accept and respect your identity as long as it's not dumb shit like "identifying as a vaccinated attack helicopter".

colinstu

It's not paranoia, it's for the well-being of the site and all those who use it.

mrsman

Without being snarky, I agree with NE2.  Nobody should be posting anything sensitive here.  So if you are legitimately concerned about somebody stealing your password, just use a unique password for this site, and leave the more sensitive passwords for more secure operations.

getemngo

I'm with Colin. Of course it's up to each user to choose a unique password, not log in from an unsafe place, etc., and anything you do online comes with some amount of risk. But sending passwords to the server in cleartext exceeds that expectation of risk, and that's not something your average user would think to check up on. A forum of 2500+ members and AARoads' amount of traffic should be taking basic security measures. (I wouldn't ask for anything fancy like two-factor authentication.) In addition, a lot of us have our real names on here or our names are very easy to discover, which heightens the risk of abuse.

Also, when it was discovered that you could spoof other users' names in the chatroom, the staff made sure to fix that in a day or two. This is an equal or greater problem and even if the admins decide not to act, it would be nice to see a response here.
~ Sam from Michigan

rickmastfan67

We are looking into this to see what would need to be done, and if it's currently feasible to do so.



Opinions expressed here on belong solely to the poster and do not represent or reflect the opinions or beliefs of AARoads, its creators and/or associates.