A huge but simple change in the latest Firefox Nightly build is a great step forward for the Web.
The browser now marks pages that show password fields but aren’t served over HTTPS as insecure. A warning with a crossed-out lock appears in the address bar and explains that your credentials may be compromised if sent.
When the warning is clicked, Firefox provides further information about why the site is considered insecure, saying that “information sent over the internet without encryption can be seen by other people.”
It’s a bold move, since that insecure label is traditionally reserved for invalid security certificates, but this is an even better way to let people know that the page isn’t trying to keep passwords safe at all.
The feature is only in testing as part of Firefox 44 Nightly right now, but we’re hopeful it’ll be rolled out to everyone in the future.
Spotted via Richard Barnes on Twitter.