I have been perusing the info on ethical hacker for awhile now, and have finally decided to register. When registering, I was a bit surprised with the password requirements requiring alphanumeric, and upper and lower case characters, but then I thought this is a site about security so it makes sense. When I went to my email to check the verification link, I was a bit surprised to find my password there as I generally don't like receiving my password in an email since a lot of email communication is sent clear text. I also noticed the login to the forums was clear text as well.

Maybe I am making a mountain out of a mole hill by creating a post on this. I am by no means a security expert, and just trying to get my foot in the in IT, and security. But I am kind of interested why the forums require such a secure password, when the transmission protocols aren't secure? From a more experience security experts perspective, why the higher security password requirement without encrypted login? I ask mainly for ongoing learning, and to gain a better grasp on a security mindset. I typically use a lower level password for forum logins because I have the expectation that the process isn't really all that secure. I know I didn't have to divulge any real private information, but was kind of intrigued by my experience with the registration process.

Welcome to EH-Net. Thanks for coming out of silent-lurker status. We need more people like you.

No problem at all asking about the process. dale pretty much explained my thinking. But to add to it (and I know it's in the forum somewhere) one must also follow the concept of the right tool for the job. You wouldn't secure your local library the way you would Fort Knox, just as you wouldn't use a jackhammer on your dishes (except when I cook).

We don't ask for anything but your email address. No SS#, CC#, etc. etc. And the password you use for this or any other public site should NEVER be the same as the ones for you bank account, corp network, etc.

That being said, I have batted the https idea around in my head. I may revisit it now that I am on my last day at my regular job, and am leaving to dedicate time to EH-Net, ChicagoCon and other projects of interest.

Hope this helps,
Don

...lest ye end up with all your goodies posted on seclists.org as some of our esteemed colleagues recently have.