On the subject of login forms security
This post has a twofold goal. Make users aware of the implications of non-secure login forms is one. The other and most important one, given the nature of this blog’s audience, is make website makers and webmasters aware of this problem, and how easy they can solve it.
I’ll also examine the alternative of implementing OpenID as the sole login provider of a website, and how it becomes the most suitable option for the majority of scenarios today.