Compare Revisions
Insecure connection password warning in Firefox
Revision 228672:
Revision 228672 by Mozinet on
Revision 235596:
Revision 235596 by jmaustin on
Keywords:
Search results summary:
Firefox warns you when a login form is not secure and your information could be stolen.
Firefox issues an insecure password warning when a web page's login form is not secure and your information could be stolen.
Content:
Firefox will display a lock icon with red strike-through {for not fx89}[[Image:red strikethrough icon]]{/for}{for fx89}[[Image:Fx89Padlock-RedLine|width=30]] {/for} in the address bar, when a login page you’re viewing does not have a secure connection. If you enter a password on such a page, eavesdroppers or attackers could steal it.
You will also see a warning message when you click inside the login box to enter a username or password.
;[[Image:Fx52insecurePW]]
{note}'''Note:''' When you start entering your login information, the warning message can obscure the password entry box. To dismiss the warning, either press the {key Tab} key or click on the page background after you type in your username.{/note}
=What can I do if a login page is insecure?=
If the login page is insecure, check if a secure version exists by adding ''https://'' in front of the website address. You can also contact the website administrator and ask them to secure the connection.
;{for not fx89}[[Image:FF70 Gray Padlock]]{/for}{for fx89}[[Image:Lock89addressbar]] {/for}
{note}'''Not recommended:''' You can also continue to log in to the website even though the connection is insecure, but do so at your own risk. If you choose to log in, use a unique password that you don’t use elsewhere.{/note}
=About insecure pages=
Pages that need to transmit private information (such as credit cards, personal information and passwords) need to have a secure connection to help prevent attackers from stealing your information.
'''Tip:''' A secure connection will have {for not fx89}[[How do I tell if my connection to a website is secure?#w_padlock|"HTTPS" in the address bar, along with a gray lock icon]]{/for}{for fx89}[[How do I tell if my connection to a website is secure?#w_padlock|"HTTPS" in the address bar, along with a lock icon]] [[Image:Fx89Padlock]].{/for}
Pages that don’t transmit any private information can have an unencrypted connection (HTTP). But, it is advised not to enter private information, such as passwords. The information you enter can be stolen over this insecure connection.
{note}
=Note for developers=
For developers looking to learn more about this warning, please see [https://developer.mozilla.org/docs/Web/Security/Insecure_passwords this page]. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see [https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ this blog post].
{/note}
If a login page you're viewing does not have a secure connection, Firefox will display a lock icon with a red strike-through {for not fx89}[[Image:red strikethrough icon]]{/for}{for fx89}[[Image:Fx89Padlock-RedLine|width=30]] {/for} in the address bar. If you enter a password on such a page, eavesdroppers or attackers could steal it.
You will also see a warning message when you click inside the login box to enter a username or password.
;[[Image:Fx52insecurePW]]
{note}'''Note:''' When you start entering your login information, the warning message can obscure the password entry box. To dismiss the warning, either press the {key Tab} key or click on the page background after you type in your username.{/note}
=What can I do if a login page is insecure?=
If the login page is insecure, check if a secure version exists by adding ''https://'' in front of the website address. You can also contact the website administrator and ask them to secure the connection. Otherwise, it is not recommended that you submit any information through the page.
;{for not fx89}[[Image:FF70 Gray Padlock]]{/for}{for fx89}[[Image:Lock89addressbar]] {/for}
=About insecure pages=
Insecure pages do not provide secure connections for visitors. Instead, they use an unencrypted connection (HTTP) and any information shared with these pages is at risk. Pages that need to transmit private information (such as credit cards, personal information and passwords) need to have a secure connection to help prevent attackers from stealing your information.
'''Tip:''' A secure connection will have {for not fx89}[[How do I tell if my connection to a website is secure?#w_padlock|"HTTPS" in the address bar, along with a gray lock icon]]{/for}{for fx89}[[How do I tell if my connection to a website is secure?#w_padlock|"HTTPS" in the address bar, along with a lock icon]] [[Image:Fx89Padlock]].{/for}
Pages that don’t transmit any private information can have an unencrypted connection. But, it is advised not to enter private information, such as passwords. The information you enter can be stolen over this insecure connection.
{note}
=Note for developers=
For developers looking to learn more about this warning, please see [https://developer.mozilla.org/docs/Web/Security/Insecure_passwords this page]. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see [https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ this blog post].
{/note}