You should use a different one for every site.

And it's super simple for DU to implement HTTPS for login, just as all major E-mail sites (Gmail, Yahoo, Outlook, etc) do.

Purchase an inexpensive SSL certificate from Godaddy, for instance. DU admins install it. Voila. HTTPS and now all our user credentials are encrypted as they go over the Internet.

so I understand why this site doesn't want to. Even the free Let's Encrypt certs are a huge hassle since they expire so quickly as is their policy in order to make them difficult to use.

are usually renewed every 3 to 5 years. Revising the SSL encryption can be performed more often, but that's up to the admin.

What SSL certificates are you talking about?

They have over half of the HTTPS page loads now according to:

https://letsencrypt.org/stats/

They're a pain to keep up with. With the nearly three hundred we have where I work, we're updating over three certs a day on average.

if you're spending man hours chasing your tail. Just buy SSL certificates that don't expire in 90 days like the FREE ones.

Am I missing something?

Here's the link:

http://www.democraticunderground.com/?com=forum&id=1259

The Lounge is not the place for questions like this.

I remember a couple of incidents here on DU where someone started posting under another user's name, but it's usually been that someone had physical access to a member's computer.

Years ago I got into trouble with Wikipedia because I'd forgotten to log out and my teenage kids and their friends decided they'd have some fun adding silly stuff to various Wikipedia pages.

Wow, did I learn how fiercely protective people are of their Wikipedia turf.

If the same happened here on DU I'm certain regulars would notice it wasn't me posting and admin would patch over any damage done.

I do expect reasonable security on my email accounts and I use a different password on every site that requires a password.