How do I tell if my connection to a website is secure?

Revision Information
  • Revision id: 25905
  • Created:
  • Creator: Verdi
  • Comment: New article for Fx 14
  • Reviewed: Yes
  • Reviewed:
  • Reviewed by: Verdi
  • Is approved? Yes
  • Is current revision? No
  • Ready for localization: Yes
  • Readied for localization:
  • Readied for localization by: Verdi
Revision Source
Revision Content

The Site Identity Button is a Firefox security feature that gives you more information about the sites you visit. Using the Site Identity Button, you can find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to get you to provide important information.

The Site Identity Button is in the Location bar to the left of the web address. Identity Button Win1 Identity Button Mac1 Identity Button Lin1

When viewing a website, the Site Identity Button will display in one of three colors - gray, blue, or green. Clicking on the Site Identity Button will display security information about the website, with a matching gray, blue, or green "Passport Officer" icon.
siteidbutton-larries.png

Gray - No identity information

siteidbutton-larry-gray.png When the Site Identity button is gray, that indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.

Most websites will have the gray button, because they don't involve passing sensitive information back and forth and do not really need to have verified identities or encrypted connections. For sites that don't require any personal information, a lack of identity information is fine.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be gray.

Identity Button Win2 Identity Button Mac2 Identity Button Lin2

Blue - Basic identity information

siteidbutton-larry-blue.png When the Site Identity button is blue, that indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, the TD Canada Trust website has this sort of certificate and an encrypted connection, so the Site Identity Button displays as blue. When you click on the Site Identity Button, it tells you that the easywebcpo.td.com site is verified to be part of td.com, as certified by VeriSign Inc. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your bank login information that way.

Identity Button Win3 Identity Button Mac3 Identity Button Lin3

However, it is not verified who actually owns the domain in question. There is no guarantee that td.com is actually owned by the Toronto Dominion Bank. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted.

If you are still leery about a site's identity when the Site Identity Button is blue, you can see more information about the site by clicking the More Information... button on the Site Identification dialog. This will open the Security panel of the Page Info window - View technical details about the page you are on, where you can view the site's identity certificate, see if you've visited the site before, and if you have any cookies or passwords stored for the site.

Green - Complete identity information

siteidbutton-larry-green.png When the Site Identity button is green, that indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.

If a site makes the Site Identity Button turn green, it means that it is using a new Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the blue Site Identity Button indicates that a site uses a secure connection, the green Site Identity Button indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the Site Identity Button turn green on the Paypal site, it also expands and displays the name of the owner in the button itself. The Site Identification dialog contains further information.

Identity Button Win4 Identity Button Mac4 Identity Button Lin4

The Site Identity Button is a Firefox security feature that gives you more information about the sites you visit. You can quickly find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to get you to provide important information.

The Site Identity Button is in the Location bar to the left of the web address.

Site Identity Block 14 - Win

When viewing a website, the Site Identity Button will be one of four icons - a gray globe, a gray padlock, a gray warning triangle, or a green padlock. Clicking on these icons will display identity and security information about the website.

Identity Icons 14

Gray globe

A gray globe indicates:

  • The website does not supply identity information.
  • The connection between Firefox and the website is not encrypted and should not be considered safe against eavesdropping.

YouTube - Gray globe - Win

Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be a gray icon of any kind.

Gray padlock

A gray padlock indicates:

  • The website's address has been verified.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

Facebook - Gray padlock - Win

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, Facebook has this sort of certificate and an encrypted connection, so the Site Identity Button displays a gray padlock. When you click on the padlock, it tells you that you are actually connected to facebook.com as certified by VeriSign Inc. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your Facebook login information that way.

However, it is not verified who actually owns the domain in question. There is no guarantee that facebook.com is actually owned by Facebook the company. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted.

Gray warning triangle

A gray warning triangle indicates:

  • The website does not supply identity information.
  • The connection between Firefox and the website is only partially encrypted and does not prevent eavesdropping.

Google Reader - Gray warning - Win

Sometimes, like in the case of Google Reader, it means that some of the content displayed comes from websites that are not encrypted. You can see more information about the site by clicking the More Information... button on the Site Identification dialog. This will open the Security panel of the Page Info window - View technical details about the page you are on, where you can view the site's identity certificate, see if you've visited the site before, and if you have any cookies or passwords stored for the site.

Green padlock

A green padlock indicates:

  • The website's address has been verified using an Extended Validation (EV) certificate.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

PayPal - Green padlock - Win

A green padlock plus the name of the company or organization in green means that website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the gray padlock indicates that a site uses a secure connection, the green padlock indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the padlock turn green on the Paypal site, it also expands and displays the name of the owner in the button itself.


 




Based on information from dria.org » Blog Archive » Firefox 3: Site Identification button