Insecure connection password warning in Firefox

Firefox Firefox Last updated: 1 day, 4 hours ago 73% of users voted this helpful

When you try to sign in on a website that isn’t using a secure connection (HTTPS), Firefox will warn you so you know your login details may not be safe. This helps protect your username and password from being stolen.

Why am I seeing this warning?

When you try to sign in on a page that does not use a secure connection (HTTPS), Firefox will display a warning. If you enter a password on an insecure page, it could be seen and stolen by others.

A secure webpage will have an address that begins with https:// and a lock icon Fx89Padlock in the address bar. If a login page you're viewing does not have a secure connection, the Firefox address bar will show a lock icon with a red strike-through Fx89Padlock-RedLine.

You'll also see a warning message when you click inside the login box to enter a username or password.

Fx122InsecureLogin
Note: When you start entering your login information, the warning message can obscure the password entry box. To dismiss the warning, either press the Tab key or click the page background after you type in your username.

What can I do if a login page is insecure?

The warning only appears on login forms that are not using HTTPS. This warning does not indicate your password has already been stolen.

  • If the login page is insecure, check if a secure version exists by adding https:// in front of the website address. You can also contact the website administrator and ask them to secure the connection. Otherwise, it is not recommended that you submit any information through the page.
  • Use different passwords for less secure sites. Don’t reuse your email, banking, or main account password. Otherwise, it is not recommended that you submit any information through the page.

About insecure pages

Insecure pages do not provide secure connections for visitors. Instead, they use an unencrypted (HTTP) connection, and any information shared with these pages is at risk. Pages that need to transmit private information (such as credit cards, personal information and passwords) need to have a secure connection to help prevent attackers from stealing your information.

You should not enter private information, such as passwords or any personal detail, on a page with an insecure connection. The information you enter over an insecure connection can be stolen. To learn more, see How do I tell if my connection to a website is secure?

Note for developers

For developers looking to learn more about this warning, please see this MDN Web Docs page. The documentation explains when and why Firefox shows this warning, and provides some details on how to fix the issue. You’ll need to add HTTPS support to remove this warning from your site. For more information, see this Mozilla blog post.

These fine people helped write this article:

AliceWyman, Tonnes, Mozinet, tanvi, Lan, pollti, Joni, Marcelo Ghelman, Rashid, iprithvitharun, Ihor Hordiichuk, PGGWriter, Erin S., tirucoady18, Fabi, emsin, Bithiah, Abby, JeremyKoozar, BD
Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More