Missing HTTPS on Logins

The cluster focuses on complaints about a website's login and signup pages transmitting credentials over unencrypted HTTP instead of HTTPS, raising security concerns like plaintext password exposure. Discussions also touch on authentication handling for sites requiring logins and suggestions like OAuth.

📉 Falling 0.4x Security

2,709

Comments

Years Active

Top Authors

#2486

Topic ID

Activity Over Time

2007

2008

2009

2010

131

2011

147

2012

155

2013

190

2014

166

2015

105

2016

139

2017

185

2018

173

2019

150

2020

162

2021

186

2022

214

2023

186

2024

158

2025

152

2026

Top Contributors

tptacek (19) forgotmypw17 (11) homakov (10) StavrosK (9) detaro (8)

Keywords

XSS HTTPS HTTP OMG ClearAuthenticationCache DIFFERENT JavaScript HTML REST THAT login password https username password auth username authentication credentials logins site

Sample Comments

treenyc • Mar 3, 2016 • View on HN

can't believe they don't use https for their logins.

tcgv • Jun 2, 2014 • View on HN

How come they aren't using HTTPS in their login form?

1cvmask • Jun 23, 2020 • View on HN

The site lacks ssl for the login.

Locke1689 • Jun 16, 2011 • View on HN

Sorry to be the security weenie, but any chance we can get HTTPS for the login POST?

cuonic • Sep 9, 2016 • View on HN

Why no SSL on the login / registration pages ?

jjbinx007 • Jun 28, 2024 • View on HN

Were people entering login details on non-encrypted dummy sites?

icey • May 29, 2009 • View on HN

Will this work on sites that require a login to use?

maxlin • Oct 13, 2025 • View on HN

afaik they do not actually handle your logins

TurningCanadian • Feb 13, 2024 • View on HN

Passwords don't protect against spoofed login pages.

mtmail • Sep 21, 2017 • View on HN

Site asks for username and password on non-encrypted page.