New user here! Thank you, Stan team, for such a tremendous tool!
I noticed something when signing up: The Stan forum site isn’t configured to use HTTPS. That means that every time users login, passwords are sent to the Stan servers in plaintext.
Admins, would you be willing to make the switch to HTTPS soon? The Electronic Frontier Foundation explains what protocols to use here, and makes the case for why the switch does not impact performance. Please do post back once you make the change, so that users could change their passwords if they so desire.
Users: this is a good time to remind everyone not to use the same password for multiple accounts. Also, the HTTPS Everywhere plugin for Firefox, Chrome and Opera can help you to increase the security of your interaction with some domains that are configured to be able to use HTTPS but which do not have it enabled by default for some URLs. In the case of this site, the plug-in doesn’t seem to help because HTTPS connections do not appear to be enabled on the back end at all. So, we really need help from the admins.
(Admins, if I’m wrong about the site not running with HTTPS, I’m running Firefox 60 on Ubuntu 16.04.)
Thanks very much!