I am currently building a custom forum-type site for video games. Therefore, my audience would be anyone who likes video games (i.e., somewhat tech savvy).
The only sensitive information will be their login/email/password - no payments of any kind. And the user will be required to have a unique username.
My Questions Are:
1) If I build a user login with their email/username & password, do I need to implement SSL?
2) Would OpenID be a better alternative to writing a custom login?
I know the whole custom login vs OpenID is a current ongoing debate, I was just looking for advice on my particular situation...
The short: Use a traditional login.
The long:
People understand traditional logins - people do NOT understand OpenID. Facebook Connect cheapens your site and for the most part, so does Twitter. So, use a traditional login. It's only the computer savvy that understand the notion of "saving you from yet another login".
Some people even think you (if incorporating OpenID) are gaining access to their personal top secret Gmail (OpenID account) information. They don't like that.
Incorporating OpenID seems simple at first, but beware - it is a nightmare. It is a monster that will only grow and grow.
So... don't use it, use a traditional login.