HTTPS

[quindraco]

Is there a reason the web site doesn't use secure http? I'm a bit nervous about my password leaking out.

[MarbitChow]

It doesn't use HTTPS because there is no critical data stored here.
Do not use the same username and password at a site like this that you would use for important sites such as banking or credit cards, and you'll be fine.
Since it's a low-value site (financially), there is very little reason for someone to target it.

[harknell]

If you are concerned about the store site you should know that we use Paypal to do the actual credit card processing, and once you go to their site to enter your information you are using an SSL connection during that process, so your financial information is never exposed.

[chimera]

In general it's important to use different passwords for different sites and security levels. To give you an idea of how the breakdown ought to work:

1. Web Mail: You should have a unique, strong password that you do not share for all of your email accounts. If one of these gets broken someone can reset any password for any other account which is tied to it, so this can be just as important as a banking password.

2. Banks or Financial Sites: These also need strong unique passwords. If one gets broken be it by brute force, phishing or plain old theft you need to make sure that everything else remains safe for damage control purposes. It's better to put out one fire than three.

3. Forums, Subscriptions, games and other Junk: These can use relatively weak passwords and there is no reason for you not to repeat passwords between them. If you feel that your reputation matters a lot for a particular forum or community it might make sense to use a unique password for it, but having this compromised doesn't really cost you anything. These are all endpoints that store non-vital information and these are also the least likely to be secured in general.