Chrome, Firefox start warning users when websites use insecure HTTP logins


The war on insecure webpages has begun, and Mozilla fired the first shot.

Recently, Mozilla rolled out Firefox 51 to its mainstream user base. With the new release comes an insecure warning on any page that offers a login form over an HTTP connection instead of HTTPS. Chrome plans to follow suit with version 56, expected to be released to mainstream users on Tuesday, January 31, as Ars Technica first pointed out.

HTTP uses an open, unencrypted connection between you and the website you’re visiting that could be intercepted by anyone monitoring traffic between you and the site. For that reason, it’s never a good idea to share login or credit card information over an HTTP connection. Most major sites offer the encrypted version—HTTPS—but every now and then you’ll come across a site that doesn’t.

The warnings

Ian Paul

The new insecure warning in Firefox.

In Firefox, users who’ve recently updated their browser will see a lock icon with a red strike through it next to an information icon in their URL address bar. These icons appear together when a user lands on a login page with an insecure HTTP connection. If you click on the icons you’ll see a plain-language explanation that the site is not secure, and a warning that any logins on the page could be compromised.

Leave a Reply

Your email address will not be published. Required fields are marked *