Now passwords are stored in a database with two-factor authentication for login and encrypted in MD5.
Don't you think that is kinda outdated for some years already?! Please update to some actual algo, rotate and salt it wisely.
We are working to implement SSL on login, registration, members area, auction and payment pages.