I searched on google and found that very little attention has been paid to login security. Maybe because people feel other technologies - like SSL - should be used. However, I believe there are a lot others like me who use shared servers, and SSL is not possible for them.
I am currently using CHAP plugin to validate logins. It does seem to remove the risk of someone caching the password at proxy levels. However, keylogger still remain a problem - and these are also a problem with SSL.
1. CHAP cannot replace SSL, but is it a good enough workaround? to me it does look like its reasonably secure.
2. Is there a one-time password scheme that can be used with wordpress easily when accessing through cafes. there is one at kyps.net, but it doesnt seem like it can integrate with our wordpress blogs.