Insecure login forms now disable autofill, show warning beneath input control

Published: | Categories: Privacy & Security

Description

As part of the ongoing insecure HTTP deprecation, Firefox 51 has enabled the basic warning for insecure password input by default to show a broken padlock icon on the Address Bar whenever an <input type="password"> is found on a non-HTTPS page. Firefox 52 advances this security measure by disabling autofill on such insecure login forms and rather showing a more prominent contextual warning message just below the <input> element.

Webmasters are strongly encouraged to move any form to an HTTPS page to let customers sign in safely and securely. In case you don’t know, Let’s Encrypt gives you a trusted SSL/TLS certificate for free.

References