WebApp Sec mailing list archives

RE: Should login pages be protected by SSL?


From: "Cowles, Robert D." <rdc () slac stanford edu>
Date: Tue, 21 Jun 2005 11:32:29 -0700

 

-----Original Message-----
From: Glenn Euloth [mailto:eulothg () hfx eastlink ca] 

 You can't, however, expect your grandmother to 
properly configure her browser to be highly 
secure just to log in to a web-based forum where 
she can post her favourite blueberry pie
recipe.  If someone breaks into her account does it really 
matter?  And why would someone bother in the first place?  
Where's the value in breaking in to such an account?


There may not be an advantage in breaking into that account
but consider that when grandmother registered at the web
site she probably picked the same userid and password
and password hint as she has at lots of other sites ...
some of which might be higher value (storing financial
information like credit card numbers or banking information).

In fact, it seems to be ignored that a wonderful way to collect
userid/password combinations is just to put up a web site and
ask people to register to access the content.  I would be willing
to bet that a fairly high percentage of people don't take care to
consistently use a different password, in any case, from the
high-value sites.

Bob Cowles

