Safer Login - Drupal 6 Module

Note!  This project is now an official Drupal project.  You may download it by going here:

network-security-lock.jpgWe all love Drupal, but unless you have an SSL certificate on your site, logins are not secure.  Usernames and passwords are submitted "in the clear" (meaning, not encrypted in any way).  This may not seem like such a big deal, but if you or your site visitors use the same usernames and passwords for everything-- say, Facebook, Bank accounts, Email, etc-- then a stolen password from your site can be a huge security risk.  The threat of a hacker sitting in the back of a StarBucks or computer lab with a laptop and a free packet sniffer is very real and very easy to pull off.

So, I created the Drupal 6 module "Safer Login."  It uses JavaScript to encrypt your visitor's passwords before they are ever submitted through the browser.  If they have JavaScript disabled, then they will log into Drupal the regular way with no warnings or error messages.

The module actually uses a salted approach to hash your visitor's password, and the salt changes with every log in attempt, so a "replay attack" is not possible.

If this module sounds useful to you, please use the download link at the top of this post to grab it.  Enjoy!