Skip to main content

Replied to a post on github.com :

Also noting that given that TLS is now essentially free, can we revisit the level of nudging and pestering we do?

Modern browsers now start giving in-your-face warnings when a password input field is delivered over a non-TLS connection, with the obvious intention of eventually blocking POSTing of those forms entirely.

Could we start warnings? Perhaps starting with admin logged in warnings on the diagnostics terminal and ramping up from there...?