14 DAY TRIAL // Richard Barnes, Mozilla head of Security Engineering, has announced on Twitter that Firefox will start marking any Web page that hosts login forms on HTTP connections as "insecure" and display an appropriate icon to warn users of the danger.
This is a significant step towards making the Web a safer place, because even if the login form submits data to an HTTPS connection, attackers could still use JavaScript code loaded on the page to steal the user's password before it is sent to the more secure HTTP connection.
Technically, as explained by Mr. Barnes, any HTML "input" tag set to work as a password field will automatically trigger this warning if the page's URL is HTTP. This means that it will also show up on sign up (registration) forms.
The icon and popup displayed for this warning are the same as for the errors you see for insecure HTTPS certificates, but this was done on purpose since most Firefox users are trained to catch this type of error out of the corner of their eye and investigate the issue further.
The feature is primed for launch in Firefox 44 but is already part of the Firefox Nightly edition. Firefox 44 will also add better SSL error notifications.
Firefox Nightly is available for download via Softpedia for Mac and Windows operating systems. There's no Linux version for this edition.
PSA: In Firefox 44 Nightly, "http:" pages with are now marked insecure. pic.twitter.com/qS9LxuRPdm
— Richard Barnes (@rlbarnes) October 20, 2015
