Firefox is testing marking any page that sends passwords over HTTP as insecure

A huge, but simple change in the latest Firefox Nightly build is a great step forward for the Web.

The browser now marks pages that show password fields but aren’t served over HTTPS as insecure. A warning with a crossed-out lock appears in the address bar and explains that your credentials may be compromised if sent.

Screenshot: Firefox explaining why not to send your password over HTTP

When the warning is clicked, Firefox provides further information about why the site is considered insecure, saying that “information sent over the internet without encryption can be seen by other people.”

It’s a bold move, since that insecure label is traditionally reserved for invalid security certificates, but this is an even better way to let people know that the page isn’t trying to keep passwords safe at all.

The feature is only in testing as part of Firefox 44 Nightly right now, but we’re hopeful it’ll be rolled out to everyone in the future.
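For site owners who want to find pages that would trip this warning, here is an added example (not Firefox's code and not from the original article) that scans a page's HTML for password fields and reports when the page itself is not HTTPS. The function name, the regex-based tag scan, and the extra check for an HTTPS page whose form posts to an HTTP URL are assumptions of this example; the sample pages are constructed.

```javascript
// Read one attribute value from a raw tag string (quoted or unquoted).
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Report every password field whose value would travel without TLS.
// Regex scanning is a simplification; a production audit would use an HTML parser.
function auditPasswordFields(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  let action = null; // action of the <form> currently open, if any
  for (const [tag, closing, name] of html.matchAll(/<(\/?)(form|input)\b[^>]*>/gi)) {
    if (name.toLowerCase() === 'form') {
      action = closing ? null : (attr(tag, 'action') || '');
      continue;
    }
    if ((attr(tag, 'type') || '').toLowerCase() !== 'password') continue;
    const field = attr(tag, 'name') || '(unnamed)';
    // Case described in the article: password field on a page not served over HTTPS.
    if (page.protocol !== 'https:') {
      findings.push({ field, reason: 'page-not-https', url: page.href });
    }
    // Extra check (assumption of this example): HTTPS page, but the form submits to HTTP.
    const target = new URL(action || page.href, page);
    if (page.protocol === 'https:' && target.protocol === 'http:') {
      findings.push({ field, reason: 'form-posts-to-http', url: target.href });
    }
  }
  return findings;
}

// Constructed sample pages (hypothetical host shop.example).
const SAMPLES = [
  ['http://shop.example/login',
   '<form action="/session"><input type="password" name="pw"></form>'],
  ['https://shop.example/login',
   '<form action="http://shop.example/session"><input type=password name=pw></form>'],
  ['https://shop.example/login',
   '<form action="/session"><input type="password" name="pw"></form>'],
];
for (const [url, html] of SAMPLES) {
  console.log(url, JSON.stringify(auditPasswordFields(url, html)));
}
```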

Spotted via Richard Barnes on Twitter.
