Browser Watch: Firefox 52 Adds Insecure Password Warning

Browsers Continue To Add Warnings About Insecure Content.

Firefox 52 is out now, and with a new release comes a new warning about HTTP.

There is a pattern here: browsers are incrementally adding warnings for HTTP, raising their expectations each month as the web moves further towards a fully-encrypted future.

To disable this warning, click here for instructions

So if you have not yet moved your site to HTTPS, you should really consider it.

This time the warnings are targeting login forms on insecure HTTP pages.

On any HTTP page, a new insecure password warning will appear directly below login fields when they become active (when a user clicks on or tabs to them). The warning ensures that users see the danger of submitting data over HTTP.

Insecure Password Warning, Firefox 52

The warning reads, “This connection is not secure. Logins entered here could be compromised.” The Learn More link goes to this Firefox support page.

The entire page will also receive the broken padlock icon which displays the same warnings when clicked.

If you want to see the warnings in your own browser visit http-login.badssl.com.
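To check your own pages for the condition behind this warning, the following added example (not code from Firefox or from the original article) scans a page's HTML for password fields and reports those on a page served over HTTP. It goes one step beyond the article by also reporting forms whose action resolves to an HTTP URL. The `example.test` URLs, the sample markup and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def is_plain_http(url):
    """True when the URL uses unencrypted HTTP."""
    return urlparse(url).scheme == "http"

class PasswordFieldAudit(HTMLParser):
    """Collects (field name, reason) for password inputs exposed over HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None  # resolved action of the form being parsed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page URL.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            name = a.get("name") or a.get("id") or "(unnamed)"
            if is_plain_http(self.page_url):
                self.findings.append((name, "page served over HTTP"))
            if self.form_action and is_plain_http(self.form_action):
                self.findings.append((name, "form submits to " + self.form_action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def audit(page_url, html):
    parser = PasswordFieldAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup: one relative action, one absolute HTTP action.
SAMPLE_HTML = """
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
<form action="http://legacy.example.test/auth" method="post">
  <input type="PASSWORD" name="pin">
</form>
"""

if __name__ == "__main__":
    for url in ("http://shop.example.test/account", "https://shop.example.test/account"):
        print(url, audit(url, SAMPLE_HTML))
```

Served over HTTPS, the same markup still yields one finding, because the second form posts the password to an HTTP endpoint.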

Google Chrome 57, which is due out next week, adds similar in-form warnings. In addition to password fields, Chrome also detects insecure credit card forms.

For now, auto-fill will continue to work on HTTP forms, but developers should expect this to change in the near future as browsers continue to restrict functionality on HTTP web pages in order to preserve user privacy.

Firefox developers noted that since enabling this feature by default in the Developer release, the number of HTTPS secured login forms increased from 40% to just about 75%.

Remember that ALL websites need to be HTTPS. Why? Because believe it or not, most sites expose some sort of personal information – be it search queries, passwords, etc. HTTPS also provides integrity guarantees, stops content injection, and allows you to use HTTP/2 which is lightning fast. If you want to know more, start here.


10 comments
  • Some of us don’t need HTTPS when running websites inside our firewall that are not exposed to the outside world. This is another annoyance. Is there a way to disable it?

    • Hi Tomek,

      Are you running a service that allows logging in and is still using HTTP? Not to be rude, but your clients *should* be hesitant.

      The dangers of HTTP are very real. Once data is on the internet – who knows who will see it, save it, and use it. There is such widespread evidence of danger from criminals and governments. Recent incidents like Cloudflare’s Cloudbleed bug show that even non-malicious events can expose a user’s packets.

      Is there a reason your site is still on HTTP? We would love to help you set up secure HTTPS connections.

      • Hey Vincent.

        I run an e-commerce shop. I was under the impression that it was secure but I am getting this warning too on Firefox. Don’t get it on Safari. I assumed it was another Firefox scam (like the one that used to say “we detect a virus on your windows computer, click here for help”). How do I know if the site is secure? Any help would be appreciated. Thank you

        • Hi Craig,

          If Firefox is showing this warning, then the connection is not secure. The differences between browsers could be due to how they load/handle “mixed content” (HTTP resources on an HTTPS page).

          If you could share your site here, I can take a look. Otherwise you could try a free tool like this: https://www.whynopadlock.com

          -Vince

  • Even With the settings turned Off, New Cr@pware Feature is Still Trying to Phone Home !!!!
    Host floods on out on detectportal.firefox.com 🙁


Author

Vincent Lynch

The SSL Store’s encryption expert makes even the most complex topics approachable and relatable.