Jump to content

Firefox testing verbose password field warning on non-secure (HTTP) pages


Batu69

Recommended Posts

Following in the footsteps of Chrome it seems FireFox is testing a UI change to highlight further the dangers of password fields on non-HTTPS pages.

Currently Firefox already displays a red crossed out padlock when visiting a standard HTTP page with a password field. Clicking the padlock provides a more verbose warning.

 

 
1*4gmvlSZXnXkPkeThVs6s7Q.png

Ryan Feely UX designer at Mozilla recently tweeted an update showing an even more prominent warning message at the point of submitting the insecure form data.

Quote

 

I have tested this on the current Firefox nightly build but at present this does not display. It is possible Firefox could release this before the Chrome Not Secure warning coming in Chrome 56.

 

Article source

Link to comment
Share on other sites


  • Replies 6
  • Views 802
  • Created
  • Last Reply

A nice feature, but we should take in account that actually many ordinary http websites and even blogs use passwords not for the user's security but as a way to check and control access to their sites. Many unaware users will get a scare when they'll see these warnings, just as they are currently confused when they get a warning about signature issues and problem related to "https" access. So I presume individual criteria should prevail when you see one of these striking warnings but the problem is that most Windows users DON'T HAVE criteria.

Just a simple example: yesterday my brother in law called me alarmed that he got a long warning from something like "Mozilla Commander" about a collapse of Firefox. "WHAT CAN I DO NOW?". I had to explain him: nothing. Turn off the warning and restart Firefox. Next funny question was "Is Mozilla the same thing as Firefox?" Now, funny point is that this guy has been using a computer since about 25 years but he simply doesn't understand some "basics" and I firmly believe that this goes for millions of internet users.

So, my feeling is that this Firefox (and Chrome) warning is a fine step toward security but I'm afraid it will create panic among unaware users.

Link to comment
Share on other sites


The thing is i keep reading  that Firefox  is following in the foot steps  of chrome  seems there going to become like Opera with a 0.53% marketshare  or something  Firefox is already a niche browser aimed toward the power user  it only have like a 5.78 % marketshare by the end of 2017 the few left on it will be using it simply because it has the Firefox name   its following in the foot steps of chrome when there's already like 20 chrome  browsers out there already and see were it got Opera they ended up selling it too China and only have like a 0.53% marketshare today  :P

 

My firewall  has builtin telemetry block it blocks it by default  ..No matter how much stuff you disable in the settings  it still trying to collect data.

 

ff_tb.png

 

If it was not for my Firewall that crap would getting by i guess I'm going have to investigate  and see if its someway too shut it off trough about config .

 

Link to comment
Share on other sites


  • Administrator

This message - Logins entered on this page could be compromised - message may actually look to the users that as if the site has been hacked recently and such.

Link to comment
Share on other sites


Firefox 52: Contextual Warning For Insecure Login Field

 

We’ve told Firefox will warn you in the URL bar mentioning the connection is not secure when you visit an insecure page that has login form. Firefox 52 to show the contextual warning to users right in login fields on an HTTP page or form if you try to type username or password : ‘This connection is not secure. Logins entered here could be compromised. This feature is currently disabled by default, you can test this changing  security.insecure_field_warning.contextual.enabled to true and signon.autofillForms.http to false.

 

Firefox-52-contextual-warning-insecure-p

 

Firefox 51: Mozilla turns on Insecure Password Warning

 

Source

Link to comment
Share on other sites


10 hours ago, vissha said:

Firefox 52 to show the contextual warning to users right in login fields on an HTTP page or form if you try to type username or password : ‘This connection is not secure. Logins entered here could be compromised. This feature is currently disabled by default, you can test this changing  security.insecure_field_warning.contextual.enabled to true and signon.autofillForms.http to false.

Good to know. For most users best option is to KEEP IT disabled. I feel, that this note should be recorded and if Firefox should decide enable it by default might help many alarmed users... disabling it

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...