mozilla Firefox 51 to Show Better Warnings When Logging in via Insecure HTTP Pages

[vissha]

Firefox 51 to Show Better Warnings When Logging in via Insecure HTTP Pages

 

 

Mozilla's security team previewed today a new set of indicators that will be added to Firefox 51, set for launch on Monday, January 23, and subsequent Firefox versions.

 

The biggest update to the Firefox UI is the addition of a new indicator for HTTP pages with password fields.

 

Starting with Firefox 51, whenever users will land on a login or registration page hosted over HTTP, Mozilla will show a grey lock with a bright red line across it.

 

This UI change is meant to alert users that their credentials might be intercepted due to the nature of the underlying non-secure HTTP connection.

 

 

Firefox was the first browser to warn users when entering credentials on HTTP pages, but previously this warning appeared only when users clicked on the "?" icon, showed left of the address bar.

 

Previous "login via HTTP" warnings in earlier Firefox versions

 

This change was added with the release of Firefox 44 and was soon copied by browsers such as Chrome, who now show similar warnings. The difference is that Chrome's warnings are a little bit more visible.

 

Chrome's current "login form on HTTP" warning system

 

Starting with Firefox 51, Mozilla will boost the visibility of this warning, so users see it right away, without having to click on a generic button in the URL bar.

 

Furthermore, Mozilla has officially confirmed a feature Bleeping Computer wrote about last November, which is in-page warnings for password fields.

 

These are warnings that appear right under the password field when users are attempting to log in via a non-secure (HTTP) page. This feature is currently scheduled for Firefox 52, set for release on March 6.

 

In-page warning for password fields on HTTP pages

 

But Mozilla engineers aren't done. In a future Firefox version, Mozilla plans show the same grey lock with a red line for all non-secure (HTTP) pages.

 

Mozilla engineers were evasive regarding the exact Firefox version when this major UI change will land, as they seem to wait for HTTPS adoption to grow to more than the current 50% before showing bright red warnings on half of all Internet pages.

 

Source