On Mon, Apr 29, 2013 at 9:40 AM, Chris Steipp <csteipp(a)wikimedia.org> wrote:
Personally, I think giving users safe defaults, but the option to
shoot themselves *often* is the most secure option, because most users
will use the secure defaults, and people who want another option will
go to great, ugly lengths to circumvent your feature. This is the
direction I've been working towards, but if there is strong support
for another option, I'm happy to adjust.
I think this is sane as well. You see similar patterns from products like Gmail,
which have a preference to not use HTTPS all the time.
In the meantime, the new login form from our team detects whether the user
is on the HTTPS connection, and embeds a link at the top of the form if
you're not. Hopefully this will encourage more people to use it.
Steven