We run quite a few e-commerce sites for our customers and our recommendation is to always have personal information entered in on a secure page (if possible).

With regards to your question, we always secure login page, but I don't think it's 100% necessary if you don't store any CC information. Most web services like recruitment sites don't have secure member areas or registration forms and they don't seem to have a problem with sign-ups.

Is your site running on it's own IP address? Do you have the ability to install your own secure certificate? If so try it, you can buy a certificate for under £65.

In my experience user's are a funny bunch some expect a secure site and those that are like my wife don't even look or know about it!

Gareth

Normally the entry of address and login details is separate to the entry of CC details. That's probably good web design practice and allows you to keep your customers address details within your own database (which makes good marketing sense for shipping and/or direct mail). I normally don't expect to see the normal details entry page SSLed. In fact, it may be a little disconcerting to realise that the tld (top level domain) has changed when i'm about to enter my address details. I normally expect it for CC entry but not necessarily for normal details entry. It sniffs of unprofessionalism i find.

imho

Jomo

[edited by: Jomo at 9:20 am (utc) on Nov. 5, 2006]

[edited by: lorax at 12:53 pm (utc) on Nov. 5, 2006]
[edit reason] no URLs please [/edit]