Must logins be a https page

Question

Several security experts have said in the past that the login page should be on ssl https. So what if my login is a block that\'s displayed on all pages. Does that mean that

Answer 1

Simple answer "Yes" your login page and rest of the websites should be served over SSL

And here is why from SSL Implementation FAQ:

• Can I put my Login form to HTTP and target my form to HTTPS?
• Is it secure switch back to HTTP after login over HTTPS?

Answer 2

If you want your data to be safe you have to use SSL(certified) on your whole site. But you don't need to have SSL to keep your passwords safe. You could for example use openID, facebook connect, twitter sign-in to handle this part for you. This way never passwords get sent over the wire in plain-text.