On Mon, Apr 29, 2013 at 9:40 AM, Chris Steipp csteipp@wikimedia.org wrote:
Personally, I think giving users safe defaults, but the option to shoot themselves *often* is the most secure option, because most users will use the secure defaults, and people who want another option will go to great, ugly lengths to circumvent your feature. This is the direction I've been working towards, but if there is strong support for another option, I'm happy to adjust.
I think that is sane as well. You see similar patterns from products like Gmail, which have a preference to not use HTTPS all the time.
In the meantime, the new login form from our team detects whether the user is on the HTTPS connection, and embeds a link at the top of the form if you're not. Hopefully this will encourage more people to use it.
Steven