There are many websites where you have to "login" by entering your username and password. Always check if the page that you are logging into is using "http://" or the "https://" protocol. Just look at the URL on your browser address bar to see if the URL starts with "http://" or "https://". If it is the former, then your password is being "transmitted in clear text". If it is the latter, then your password is transmitted via "http over a secured socket layer". What that means is that your password and whatever data that is being transmitted from your browser to the server is encrypted prior transmission and decrypted on the server side.
Your browser will also indicate whether you are transmitting over a secured socket layer HTTPS by the indication of a lock icon.
If you are entering sensitive information such as passwords and/or credit card information you want it to be transmitted over "https" as opposed to "http".
If you are on a financial website or an eCommerce website, you should make sure it is using https. These includes online banking websites, PayPal, shopping sites such as amazon.com, and so on.
Understandably, there are some sites (such as MySpace as of June 2008) that has login pages that implemented only in HTTP and where HTTPS protocol is not available. If you do use it then make sure that the password that you create for your account is not the same as your financial banking password. That way, even if the former password is compromised, your more secured password is not.
The danger of transmitting passwords and sensitive information over HTTP instead HTTPS is that a hacker can use a "line-sniffer" that can intercept all data being transmitted over certain internet routes. If you password happens to be part of that data that has been "sniffed", then if it is not encrypted, the hacker will be able to see it. HTTPS ensures that even if your data has been captured, it is encrypted and is still not accessible by the hacker.
Note that the hacker does not need to be active during the time that you transmit the data. The hacker can install line-sniffing software that is run continuously and can be intercepting data over long periods of time.
W3C (World Wide Web Consortium) website says "The principle advice provided is that passwords MUST NOT be transmitted in the clear."
Many webmail providers have both a HTTP and HTTPS connection method.
For example, Windows Live (the new Hotmail login) uses HTTP connection method when you login at http://login.live.com/. But there is a link to enhanced security using HTTPS at https://login.live.com.
Gmail and Yahoo uses the HTTPS protocol.
