Browser Watch: Firefox 52 Adds Insecure Password Warning
Browsers Continue To Add Warnings About Insecure Content.
Firefox 52 is out now, and with a new release comes a new warning about HTTP.
There is a pattern here: browsers are incrementally adding warnings for HTTP, raising their expectations each month as the web moves further towards a fully-encrypted future.
So if you have not yet moved your site to HTTPS, you should really consider it.
This time the warnings are targeting login forms on insecure HTTP pages.
On any HTTP page, a new insecure password warning will appear directly below login fields when they become active (when a user clicks on/tabs to them). The warning makes sure any users will see the dangers of submitting data over HTTP.
The warning reads, “This connection is not secure. Logins entered here could be comprised.” The Learn More link goes to this Firefox support page.
The entire page will also receive the broken padlock icon which displays the same warnings when clicked.
If you want to see the warnings in your own browser visit http-login.badssl.com.
Google Chrome 57, which is due out next week, adds similar in-form warnings. In addition to password fields, Chrome also detects insecure credit card forms.
For now, auto-fill will continue to work on HTTP forms, but developers should expect this to change in the near future as browsers continue to restrict functionality on HTTP web pages in order to preserve user privacy.
Firefox developers noted that since enabling this feature by default in the Developer release, the number of HTTPS secured login forms increased from 40% to just about 75%.
Remember that ALL websites need to be HTTPS. Why? Because believe it or not, most sites expose some sort of personal information – be it search queries, passwords, etc. HTTPS also provides integrity guarantees, stops content injection, and allows you to use HTTP/2 which is lightning fast. If you want to know more, start here.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown