Originally Posted by
Heathrow Harry
but this is a real problem - how do you increase security without making the day-to-day operation such a painful experience? Too many security features are irritating and get in the way of doing the job - which is why we're sitting in front of the screen to begin with
Using HTTPS does just that - it's completely transparent to the user of the web site. If done correctly most users won't even notice when a site switches from HTTP to HTTPS. But since they don't notice they also don't know when they're using a site that is not secure, and the only way to make them aware is to put in a notice. Moreover, having that notice pop up and bother their users may convince the operators of unsecured web sites to finally mend their ways and switch over to HTTPS.
To be honest, I really don't understand all that moaning about a message appearing that warns people that what they are doing may incur considerable risks. I'd consider it more as kind of a public service.