Note! This project is now an official Drupal project. You may download it by going here: http://drupal.org/project/safer_login
We all love Drupal, but unless you have an SSL certificate on your site, logins are not secure. Usernames and passwords are submitted "in the clear" (meaning, not encrypted in any way). This may not seem like such a big deal, but if you or your site visitors use the same usernames and passwords for everything-- say, Facebook, Bank accounts, Email, etc-- then a stolen password from your site can be a huge security risk. The threat of a hacker sitting in the back of a StarBucks or computer lab with a laptop and a free packet sniffer is very real and very easy to pull off.
The module actually uses a salted approach to hash your visitor's password, and the salt changes with every log in attempt, so a "replay attack" is not possible.
If this module sounds useful to you, please use the download link at the top of this post to grab it. Enjoy!