Firefox will display a lock icon with red strike-through in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that eavesdroppers and attackers could steal your password, if you enter it.

Starting in Firefox version 52, a warning message will display when you click inside the login box to enter a username or password.

Note: When you start typing in your login information, the warning message can obscure the password entry box. You can press the EnterReturn key after you type in your username (or click outside of the password area) to dismiss the warning.

What can I do if a login page is insecure?

If a login page for your favorite site is insecure, check if a secure version exists by preceding the URL with https:// in the address bar. You can also contact site administrator and ask them to secure their connection.

About insecure pages

Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. (Tip: A secure connection will have "HTTPS" in the address bar, along with a green lock icon.)

Pages that don’t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows HTTP in the address bar. The information you enter can be stolen over this insecure connection.

Note for developers

For developers looking to learn more about this warning, please see this page. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see this blog post and this Site Compatibility document.