id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
24556	topics/auth/passwords should remind users about transport security	Sam Thursfield	nobody	"

The 'Password management in Django' page is comprehensive on the subject of storing passwords in the server. But it is missing out a key point about password security: traffic between client and server needs to be encrypted when sending user's login details.

Personally, I found the existing documentation so comprehensive that I thought 'great, someone has thought about all this for me and I don't need to worry about password security' and forgot all about the need for HTTPS until someone reminded me (several weeks later). So I think there needs to be a note on this page about HTTPS."	Cleanup/optimization	closed	Documentation	1.7	Normal	fixed			Ready for checkin	1	0	0	0	0	0