On the Security of Conference and Journal Submission Sites

It is well known that many, if not most, people re-use the same password on multiple Web sites [3], even though this practice has been frequently criticized by privacy and security experts. Therefore, Web applications that allow users to choose their own passwords should, at the very least, protect these passwords in transit using SSL [2]. HotCRP is one such Web application. HotCRP is now widely used by computer systems conferences and journals; for example, Tiny ToCS.