Why don't forums use https for logging in?

[StevenH]

I'm just reading about website security, SSL, https etc and I'm a bit confused/worried.

If forums, such as Mac Forums, don't use https for login details does that mean that username and passwords are sent in plain text across the web? i.e. without encryption?

 

[giulio]

Uh yep, I believe so. It's as insecure as saying the password over a phone line.

 

[StevenH]

Uh yep, I believe so. It's as insecure as saying the password over a phone line.

And how secure is that? Reading up a bit more reveals that people can use 'sniffer' programs to track things sent over a network (I'm assuming a small network like at home or office). But would these also be effective over the internet?

 

[Dysfunction]

How secure is that? Not very. Don't use your forum passwords for secure passwords. I'm wondering though why a fourm ID would be a serious target for anyone

 

[Eric559]

Why would HTTPS need to be used for a message board? There is no sensitive information being sent on here.

Things such as banking websites and other similar things are what should have HTTPS.

 

[lifeafter2am]

I have been on a few forums that allow https logins, but very few of them. Bottom line is that you shouldn't use the same password for everything anyway.

 

[mynameis]

HTTPs adds to the cost of running a site since you would have to buy SSL certificates, not really worth the cost for an account that no one would really want.

 

[alucard]

It also brings extra load on the server when it uses https

 

[durkajosh]

It also brings extra load on the server when it uses https

Not if you have an SSL Offloader.