Gliffy, the popular online Visio replacement makes you pay for an SSL login
Update: So as you can see from the comment section, Chris Kohlhardt, the CEO of Gliffy took the time to reply and set the record straight from their end. Their login process is SSL-enabled for all, despite their statement of “Secure SSL login” only for Premium accounts is apparently an error in… semantics? It’s not really up to me to figure out whether the person who wrote that site copy is unaware of what the difference between a ‘secure SSL login’ and ‘secure browsing’ is, but I’d at least say to get that changed and not expect consumers to view an HTML source to find out the truth.
As I was logging into Gliffy today for the first time in a few years, I noticed that there were two buttons to submit the login form with: one for a ‘basic’ login and one for a ‘secure’ login. To me, a secure login in 2010 is a basic login. The people behind Gliffy however believe that protecting your login credentials is worth at least $5/mo to you.

In a business model that offers both free and paid accounts, I feel that a company should make you pay for added features, storage, or accessibility to data that you are using their site for. I, like most people, realize that ad-based sites aren’t the preferred option. A site like Gliffy allows for many areas to make users pay for ‘more’. The number of documents you are able to store, file upload size limits, the number of users allowed to access your files. With all of these major points of wanting to upgrade, why nickel-and-dime our security?
It’s appreciated whenever a company offers free service, of any magnitude. What’s not appreciated, however, is when a company feels that they should charge you to securely give your username and a password to a form. The sharing of data networks is only continuing to grow and as-such, a vast majority of web sites (reputable ones, at least) at the very least encrypt your login credentials. Whether they encrypt all data during your session is a whole different matter, but most can agree that protecting credentials is a general necessity.
This isn’t meant to be a launch point for ‘well SSL is useless anyways’. SSL for credential logins is useful in the vast majority of situations people actually deal with every day. At this point in the Internet and networking, not allowing someone to choose to login securely with personal credentials for a reputable and fairly well-known (for the context) company, is ridiculous.
Lastly, I am not complaining that the Gliffy site doesn’t run in SSL for all content, merely that an SSL login should be provided, free of charge, to anyone using their service. This is a standard practice for most web sites and Gliffy should step-up and do the right thing for everyone’s privacy.
