Insecure password input warning has been enabled by default

Published: | Categories: Privacy & Security

Description

Since Firefox 46, Firefox Nightly and Developer Edition have been showing a broken padlock icon on the Address Bar when the current page has <input type="password"> while the connection is not secure. Firefox 50 expanded this insecure password input warning to early Beta versions. Firefox 51 makes it enabled by default on all channels including the Release version.

Thought the indicator is not so prominent at this moment, there will be more warnings including in-context UI changes as part of the ongoing insecure HTTP deprecation. Web developers are strongly encouraged to move any sign-in form to an HTTPS page or ideally make the page itself HTTPS in order to protect customers.

This change will be made in line with Google Chrome 56 that makes a similar change also in January 2017.

References