New: Firefox warns of login forms on non-HTTPS pages

18 February 2016

Firefox has displayed security alerts in Browser Console since Firefox Version 26 when an URL with a password field was opened across an http link:

Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.

This is a clear sign that your service provider does not care of security. Since the continuous back and forth between browser application and the console is really annoying, this function was rarely used.

With the latest Version 44 Firefox displays a notification in the URL bar if you open a URL with a password field across an unsecured HTTP connection.

For configuration:

  • Open URL about:config in Firefox
  • Approve the warning that you will be careful when changing settings.
  • Set the value of the security.insecure_password.ui.enabled preference to true if you want to be warned about non-secure login pages

With this Firefox displays a pad lock with a red slash if Firefox opens a page with password field across an insecured connection:

FireFox warns of password field on insecure page

Firefox warns of password field on insecure page

Take care, and enjoy the new security feature.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s