Compare Revisions
Insecure connection password warning in Firefox
Revision 139245:
Revision 139245 by AliceWyman on
Revision 149214:
Revision 149214 by Tonnes on
Keywords:
Search results summary:
Firefox warns you when a login form is not secure and your information could be stolen.
Firefox warns you when a login form is not secure and your information could be stolen.
Content:
{for not fx51}[[T:update fx desktop]]{/for}
Firefox will display a lock icon with red strike-through [[Image:red strikethrough icon]] in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.
Starting in [[Find what version of Firefox you are using|Firefox version]] 52, you will also see a warning message when you click inside the login box to enter a username or password.
;[[Image:Fx52insecurePW]]
'''Note:''' When you start typing in your login information, the warning message can obscure the password entry box. You can press the {for win,linux}{key Enter}{/for}{for mac}{key Return}{/for} key after you type in your username (or click outside of the password area) to dismiss the warning.
=What can I do if a login page is insecure?=
If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing ''https://'' before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.
{note}'''Not recommended:''' You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.{/note}
=About insecure pages=
Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. ('''Tip:''' A secure connection will have [[How do I tell if my connection to a website is secure?#w_green-padlock_2|"HTTPS" in the address bar, along with a green lock icon]].)
Pages that don’t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows ''HTTP'' in the address bar. The information you enter can be stolen over this insecure connection.
=Note for developers=
For developers looking to learn more about this warning, please see [https://developer.mozilla.org/docs/Web/Security/Insecure_passwords this page]. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see
[https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ this blog post] and [https://www.fxsitecompat.com/en-CA/docs/2016/insecure-password-input-warning-will-be-enabled-by-default/ this Site Compatibility document].
{for not fx51}[[T:update fx desktop]]{/for}
Firefox will display a lock icon with red strike-through [[Image:red strikethrough icon]] in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password, it could be stolen by eavesdroppers and attackers.
Starting in [[Find what version of Firefox you are using|Firefox version]] 52, you will also see a warning message when you click inside the login box to enter a username or password.
;[[Image:Fx52insecurePW]]
'''Note:''' When you start typing in your login information, the warning message can obscure the password entry box. You can press the {for win,linux}{key Enter}{/for}{for mac}{key Return}{/for} key after you type in your username (or click outside of the password area) to dismiss the warning.
=What can I do if a login page is insecure?=
If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing ''https://'' before the URL in the address bar. You can also try to contact the web administrator for the site and ask them to secure their connection.
{note}'''Not recommended:''' You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.{/note}
=About insecure pages=
Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. ('''Tip:''' A secure connection will have [[How do I tell if my connection to a website is secure?#w_green-padlock|"HTTPS" in the address bar, along with a green lock icon]].)
Pages that don’t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows ''HTTP'' in the address bar. The information you enter can be stolen over this insecure connection.
=Note for developers=
For developers looking to learn more about this warning, please see [https://developer.mozilla.org/docs/Web/Security/Insecure_passwords this page]. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see
[https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ this blog post] and [https://www.fxsitecompat.com/en-CA/docs/2016/insecure-password-input-warning-will-be-enabled-by-default/ this Site Compatibility document].