Downloaded Mozilla Firefox 4 and yellow security lock disappeared from lower right hand corner - where did it go?
I downloaded the update of Firefox to Mozilla Firefox 4 today and noticed the changes in the tool bars/info bars. I am concerned because I no longer see the yellow security lock at the bottom right hand corner of the screen when I log onto a site which should have secure access for information and/or purchase. I do not see any other icon which has replaced it either. Is it safe to log on to my bank, credit card, make online purchases, and how do I know this?
Wšykne wótegrona (13)
The padlock has been replaced by the site identity button, for details on using it see https://support.mozilla.com/kb/Site+Identity+Button
There is one major problem with this new feature. Firefox now doesnt notify you if some of the content in the page is insecure. MAJOR MAJOR security hole. Maybe I'm wrong and there is some notification but I havent seen it yet. Now when I'm putting in my credit card number there could be an insecure javascript function on the page collecting that number and sending it plain text over the internet. Great!
Ok like I said just not very clear. The site identity button just disappears. This is one area that IE has always been better unfortunately. It allows you to load only secure items on the page to prevent eavesdropping. It also pops up an error to warn you about it. Which keeps less savvy users from using an insecure connection.
See http://www.dria.org/wordpress/archives/2008/05/06/635/ dria.org » Blog Archive » Firefox 3: Site Identification button
Yeah thats why I like IE's implementation. They give an alert that notifies you of insecure content. It even gives an option to not load the insecure items. There is no such option in firefox. The old padlock did show an exclamation mark on the lock that told you it was not safe which is basically the same as the site identity button disappearing. So now that I have figured this out I know that the site identity button will disappear when it isnt safe. Normal internet users will be able to figure this out but my 60 year old mother will not. She will see the identity button on the first page of a 5 page form requiring identifying information and wont realize that page 5 is not completely secure for instance. The site identity button missing from the address bar is easily missed while the IE alert on page 5 will tell her something is wrong. But this is an issue I have always had with firefox so I guess its nothing new.
If FF4 is not warning users about insecure content on a page, it can definitely be a security issue, as many external JavaScript calls may pass sensitive information, and it should be passed securely.
If you want to see if a secure page is actually fully secure, paste the https URL into the text box at:
Okay, thanks for clearing that up. However as people are accustomed to seeing the gold lock I think it would be GOOD if it was also displayed where is was previously as well as the new 'site ID button. It's hard to change old habits.
I'm not as concerned at the lack of the yellow icon as I am at the lack of a proactive warning that a page contains both secure and insecure content. (And no, I don't consider turning the background on one button grey a proactive warning, especially since I do a lot of work in test environments with self-signed certificates.)
I do web QA, and my devs have been known to screw up the templates and hard code HTTP references on HTTPS pages. I know that most users don't care about those sorts of warnings and told them to go away and not come back, but those of us who do care for whatever reason care a whole lot. Not having even the option to display the old style warning is a big problem. Any time I have to tell people that older versions of Firefox, or even IE, are preferable for security testing, there is a problem.
I agree you should make the padlock automatic. I really need to know if the site is secure and the site id button is confusing
You can click the How do I tell if my connection to a website is secure? on the left end of the location bar to see the padlock if there is a secure connection.
A click on the "More Information" button will show more details about the connection.
The background color of the "Site Identity Button" on the left end of the location bar will change color (blue or green) and show the domain in case of a secure HTTPS connection.
- Hover the How do I tell if my connection to a website is secure? then to see "Verified by xxxx"
- Click the "Site Identity Button" on the left end of the location bar to see the padlock
- Click the "More Information" button in that pop-up to see additional information about the connection.
The whole point is that it now takes more 'clicks' to accomplish the same thing as a quick glance use to. This seems to be the pattern with Firefox 4 (hiding useful controls). Imagine for a minute that there is this great new car with more horsepower, acceleration and better gas mileage but part of the improvements are to put the gas pedal on the left, brake on the dash and have a tuck-away steering wheel. Not to worry though, since there are kits for you or your mechanic to fix some of this.
Actually, you don't have to click anything. If the favicon is green, it means all transmissions are encrypted.
Click the link the-edmeister posted to see what I mean.
Wót Xircal