Strong password required but site not https

Started by ggemelos, July 11, 2011, 10:00:29 AM


ggemelos

I have been a member for a while. When I first signed up I was surprised that the site required a strong password. A bit different for a forum, but probably a good thing. What I found odd was that it appears the site transmits the passwords in the clear, not SSL encrypted. Generally, if you go to the trouble of requiring a strong password, you will also require users to access the site via https before they transmit their passwords. The danger of the current configuration is that by requiring users to use a strong password, you increase the likelihood that they reuse a strong password from another account, such as an email or banking account, which is then transmitted in the clear and easily intercepted by a third party. Of course the majority of users will not reuse important passwords, but there will be a few. Please consider switching to https for account login or at least drop the strong password requirement.

ducpainter

At the time we went to a strong password it was to reduce the number of spambots that were technically advanced enough to register by creating one.

They've long surpassed the strong pass challenge, so it doesn't really make a difference. The newer version of the forum software might be the only way to reduce spam registrations at this point.

People really are responsible for their own password security though IMO.

I can change it if no one has any objections. It won't require anyone to change their password. I don't think we require an SSL cert.

"Once you accept that a child on the autistic spectrum experiences the world in a completely different way than you, you will be open to understand how that perspective is even more amazing than yours."
To realize the value of nine months:
Ask a mother who gave birth to a stillborn.
"Don't piss off old people The older we get, the less 'Life in Prison' is a deterrent."