HTTPS

Sensitive web traffic should be sent over an encrypted channel -- that's what HTTPS is for.

HTTPS is HTTP over TLS, a security mechanism that encrypts traffic in both directions and vouches for the authenticity of the web site the user agent is communicating with. All sensitive traffic to your site should be sent over HTTPS -- generally this means securing your authentication page and anything that lies behind it. Unencrypted communication can leave you vulnerable to monster-in-the-middle attacks.

The process for installing HTTPS on your site varies depending on how it is hosted. Generally this means purchasing a security certificate from a trusted vendor and configuring your web stack to encrypt traffic.
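
As an added example (not part of the original page), here is one way a Python WSGI stack can refuse to serve content over plain HTTP once the certificate is installed. It covers every request rather than only the authentication page and what lies behind it; the host name `www.example.test`, the `HTTPSOnly` class, the `account_app` stand-in and the `simulate` helper are assumptions made for illustration.

```python
from urllib.parse import quote

SAFE_METHODS = {"GET", "HEAD"}

class HTTPSOnly:
    """WSGI middleware: plain HTTP gets a redirect or a refusal, never content."""

    def __init__(self, app, canonical_host, trust_proxy=False):
        self.app = app
        self.canonical_host = canonical_host  # fixed name; the Host header is not trusted
        self.trust_proxy = trust_proxy        # True only behind a TLS-terminating proxy you run

    def _is_secure(self, environ):
        if environ.get("wsgi.url_scheme") == "https":
            return True
        forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        return self.trust_proxy and forwarded == "https"

    def __call__(self, environ, start_response):
        if self._is_secure(environ):
            return self.app(environ, start_response)
        if environ.get("REQUEST_METHOD", "GET") not in SAFE_METHODS:
            # The body (for example a password) already crossed the wire in
            # cleartext; a redirect would hide that bug, so refuse instead.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"HTTPS required\n"]
        raw_path = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
        path = quote(raw_path, encoding="latin-1")  # WSGI strings are latin-1 decoded bytes
        query = environ.get("QUERY_STRING", "")
        location = f"https://{self.canonical_host}{path}" + (f"?{query}" if query else "")
        start_response("301 Moved Permanently", [("Location", location)])
        return [b""]

def account_app(environ, start_response):
    """Constructed stand-in for the pages behind the login."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"account page\n"]

def simulate(method, scheme, path, query="", headers=None, trust_proxy=False):
    """Run one constructed request through the middleware; return (status, headers, body)."""
    environ = {"REQUEST_METHOD": method, "wsgi.url_scheme": scheme,
               "PATH_INFO": path, "QUERY_STRING": query, **(headers or {})}
    seen = {}
    def start_response(status, response_headers):
        seen["status"], seen["headers"] = status, dict(response_headers)
    app = HTTPSOnly(account_app, "www.example.test", trust_proxy)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

The redirect only protects later requests: the first plain-HTTP request has already been sent unencrypted, which is why form posts over HTTP are rejected rather than redirected.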