A while back I was accessing this website of a high-end department store (over HTTPS) and when I logged in I noticed that the form data being sent in the request didn't contain my plain-text password but the Base64 encoded variant.
To clarify, here's the form data being sent (with fake credentials):
email: johndoe%40gmail.com
password: aGVsbG9fd29ybGQ=
Now I got a bit confused about why it's base64 encoded in the request. It also made me doubt whether what I was doing on my own website was actually secure (sending the plain-text password over HTTPS). I thought that pretty much everything would be encrypted in a request like this when sending it over HTTPS, so what would be the point in base64 encoding it beforehand?
Maybe I'm just overthinking it and they do encode it for reasons not related to security. Still the question remains, what would be a possible reason to base64 encode the password in the request?
base64 does nothing to improve security whatsoever. The only reason I can see to base64 encode the password is to remove characters that are somehow not safe to be included during the request.
Either that, or the website in question is literally using base64 as "encryption". You would be surprised how many large companies are using abysmal security practices: https://plaintextoffenders.com/
To be clear: plain text and base64 are practically the same thing. You are doing nothing wrong by sending the password plaintext over a secure connection.
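As an added illustration of the point made in that answer (this is example code, not part of the original question or answer), the following Python script reverses the base64 step on the form data shown in the question with no key or secret involved, and then builds the same login body both ways the answer discusses: password sent as-is, and password wrapped in base64 first. The sample body and the second set of credentials are constructed for the example; the function names are the example's own.

```python
import base64
import urllib.parse

# Constructed sample body, built from the fake credentials shown in the question.
# A browser percent-encodes the base64 padding '=' as %3D in a form body.
SAMPLE_BODY = "email=johndoe%40gmail.com&password=aGVsbG9fd29ybGQ%3D"


def parse_form_body(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into {field: first value}."""
    pairs = urllib.parse.parse_qs(body, keep_blank_values=True, strict_parsing=True)
    return {name: values[0] for name, values in pairs.items()}


def encode_login(email: str, password: str, base64_password: bool) -> str:
    """Build the form body the two ways the thread discusses: the password sent as-is
    (the form machinery percent-encodes it) or wrapped in base64 first.
    Both bodies carry the same information; neither hides anything from a reader."""
    if base64_password:
        value = base64.b64encode(password.encode("utf-8")).decode("ascii")
    else:
        value = password
    # urlencode percent-encodes '&', '=', '%', '+', '/' and friends in either case,
    # which is why base64 buys nothing for "unsafe characters" in a proper form post.
    return urllib.parse.urlencode({"email": email, "password": value})


def recover_login(body: str, base64_password: bool) -> tuple:
    """Recover (email, password) from a captured body. Undoing base64 needs no key:
    a proxy, a server log, or a browser extension that sees the body gets the
    plaintext back exactly as an observer of the plain form would."""
    fields = parse_form_body(body)
    password = fields["password"]
    if base64_password:
        password = base64.b64decode(password, validate=True).decode("utf-8")
    return fields["email"], password


if __name__ == "__main__":
    # Decode the form data from the question.
    print(recover_login(SAMPLE_BODY, base64_password=True))

    # Constructed credentials with characters that are special in a form body.
    pw = "p&ss=w%rd+/"
    plain_body = encode_login("a@b.example", pw, base64_password=False)
    b64_body = encode_login("a@b.example", pw, base64_password=True)
    print(plain_body)
    print(b64_body)
    assert recover_login(plain_body, False) == recover_login(b64_body, True)
```

Running it shows that the base64 value in the question decodes to the fake password with one library call, and that a password full of `&`, `=`, `%` and `+` round-trips cleanly whether or not base64 is applied, since the form encoding already escapes those characters; TLS is what keeps either body away from a network observer.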