Hacker News new | past | comments | ask | show | jobs | submit login

Just about every signup and login form does this (and yes preferably over TLS only). What is the problem with it?

The alternative is browser-side encryption of the password before sending but that will get @tptacek rightfully punching you in the face for even mentioning it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact