
> Having the user send their password over a non-SSL connection when they choose it in the very first place is also less-than-perfect security.

Who does that? That's even worse than storing it in plain text on the backend.



The first site [1] on the blog in question, for example.

[1] http://www.assosfactoryoutlet.com/customer/account/create/



