Quote:
Originally Posted by unlocktheinbox
Can't hurt.
|
The computationally expensive part of HTTPS is the initial negotiation. After that, it's cheap. And you want that to protect passwords anyway. It's impractical at best to attempt to securely request or submit passwords over HTTP.
Any counterarguments probably addressed
here.