HTTPS/SSL certs

[Steve Wurster]

To Adam's point, the major browsers are already flagging non-HTTPS sites as insecure. If you click the Password box at the top of SMC in Chrome, a "Not Secure" box shows up to the left of the URL in the address bar. In Firefox, clicking in either the User Name or Password box will bring up a tool tip-style message pointing out that the connection is not secure. IE hasn't yet jumped on this bandwagon, but they probably will as some point. I believe Google is taking or going to start taking HTTP vs. HTTPS into account for its site rankings as well.

While HTTPS is not fully secure, it is certainly more secure than HTTP. Passwords can easily be read when using HTTP, so that's a good reason to move to HTTPS right there.

[Steve Demuth]

I can't even log on from the browser I have on my laptop, as it won't transmit a login password (or anything marked as such in the HTML form) over a non-SSL connection.

I really can't believe that in 2017 any website that thinks its worth knowing its users and having a login/password system would do so over plain-text http.