by skolor
4765 days ago
Pay-for-security is a bad path to go down. Compare pay-for-ssl to using md5 on the lower tier for password encryption, while the upper tiers get something like bcrypt, or you only get a salted password if you pay extra. It seems pretty absurd to require a payment for security, especially when you're implementing it for a subset of users. It's true that SSL is going to be more taxing on their servers, but the majority of the cost is going to be spent getting an engineer to implement it, rather than the actual operational costs.
As for other reasons:
1. It leaves a bad taste in your customers' mouth. Security should be an option.
2. Imagine the disaster if someone makes front-page on HN complaining how their PW got snooped and their top-secret project plan is now public.
Pay-for-SSL was a bad idea back in 2005 - now it's a non-starter in my opinion.