On Sat, Oct 18, 2014 at 2:50 PM, Anne van Kesteren ann...@annevk.nl
wrote:
I'd be interested in hearing why sites such as forums have not made
the switch yet. If you're hosting passwords it seems downright
irresponsible at this point to not use TLS.
The most common reasons I've seen are:
-
Hi Anne, hi All:
Here, in EEA I've noticed and see the same reasons that Glenn exposes,
with subtle emphasis on the reasons three , four and five.
Regards
---
Delfi Ramirez
My digital signature [1]
+34 633 589231
del...@segonquart.net [2]
twitter: delfinramirez
IRC: segonquart
On 2014-10-17 17:09, Nils Dagsson Moskopp wrote:
Roger Hågensen resca...@emsai.net writes:
Also http logins with plaintext transmission of passwords/passphrases
need to go away, and is a pet peeve of mine, I detest Basic
HTTP-Authentication which is plaintext.
Note that Basic Auth + HTTPS
Roger Hågensen resca...@emsai.net writes:
Also http logins with plaintext transmission of passwords/passphrases
need to go away, and is a pet peeve of mine, I detest Basic
HTTP-Authentication which is plaintext.
Note that Basic Auth + HTTPS provides reliable transport security.
Hashing
Was Re: [whatwg] Proposal: Write-only submittable form-associated
controls.
On 2014-10-16 01:31, Eduardo' Vela Nava wrote:
If we have a password manager and are gonna ask authors to modify their
site, we should just use it to transfer real credentials, not passwords..
Passwords need to die