This is one of my pet peeves, courtesy of 37signals (who I usually enjoy).
Security should not be an “upgrade” or an additional “feature” that needs to be paid for. Security should be considered an online right. When increased security is free, everyone wins. I know that there is a cost associated with security (in this case SSL increases bandwidth).
Google gets it. They have HTTPS on by default for all Gmail users.
Sorry that my first post in a while is a rant, but I figure that if this doesn’t motivate me to write a blog entry, nothing will.

I would like to note that 37signals DOES secure all of their login screens by default. So they're one up on Facebook.
They want you to upgrade for security. I don’t see the big deal.
I just think that if they deem SSL a business requirement to keep your data secure, it should be across the board. There should be a certain baseline. “For $5 more we’ll encrypt your password in our database.”