Usernames and passwords have absolutely nothing to do with HTTPS. In order for the site to use it they have to have a security certificate and otherwise configure their site to use SSL. It can be done for vB sites like this (I maintain one that does), but apparently, EAA has not.