|Reported by:||robertaccettura||Owned by:|
- no need to buy an SSL Cert (more affordable)
- safer for login via hotspot, etc.
- extra security measure
Should fallover so it's possible to login without. For example:
- If JS is enabled, it should set a hidden <input/> to give the thumbs up for encryption.
- If JS is disabled, the <input/> remains off, and login is via insecure plain text.
- If server can't support it, it's off. Implementation could likely be done by piping to OpenSSL or an included class.
This is already done by sites like Meebo.
Example (and possible code to use, if licensing can work) here:
1024bit RSA would be a big security gain. And this way there's no good reason for WP users with remotely modern browsers to not be encrypting.
Bonus points if you can serialize all form data and transmit encrypted.