On Mon, Apr 29, 2013 at 9:40 AM, Chris Steipp <cste...@wikimedia.org> wrote:
> Personally, I think giving users safe defaults, but the option to > shoot themselves *often* is the most secure option, because most users > will use the secure defaults, and people who want another option will > go to great, ugly lengths to circumvent your feature. This is the > direction I've been working towards, but if there is strong support > for another option, I'm happy to adjust. > I think is sane as well. You see similar patterns from products like Gmail, which have a preference to not use HTTPS all the time. In the meantime, the new login form from our team detects whether the user is on the HTTPS connection, and embeds a link at the top of the form if you're not. Hopefully this will encourage more people to use it. Steven _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l