The orcid.org/register form is on an insecure (http) server. This is a problem because the form requires the user to set a password. The passwords are being sent to your server in clear text. I strongly recommend that you host the registration form on an secure (https) server. Also make sure you are hashing stored passwords.
Please sign in to leave a comment.