MozillaZine

Insecure Password Warning On This Site

Talk about stuff specific to the site -- bugs, suggestions, and of course praise welcome.
xanthon
 
Posts: 172
Joined: December 17th, 2005, 11:55 pm

Post Posted July 17th, 2018, 11:13 pm

Hello. I searched the forum and found only a thread relating to other websites. It is locked and may pre-date Firefox Quantum.

I came up against the problem this afternoon. The following support page is relevant : Insecure password warning in Firefox.

Firefox will display a lock icon with red strike-through red strikethrough icon in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password, it could be stolen by eavesdroppers and attackers.

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

makaiguy

User avatar
 
Posts: 16658
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post Posted July 18th, 2018, 4:48 am

Starting with Ver 52, FFox pops up a warning when attempting to log into sites (like this one) not accessed via a secure connection (i.e. those using non-secured http protocol instead of secured https protocol). The warning correctly points out that your login name and password are being transmitted in the clear where they can be captured by any server along the way.

This does not mean that the site you are trying to log in to has suddenly become insecure. This situation has always been there, but the folks at Mozilla just decided they'd warn you about it.

To avoid the warning:
  1. If the site supports a secure https connection, use that instead of http. Your transmission will be encrypted and only readable by your destination site.

  2. If you just don't want FFox to warn you of these insecure connections, do this:
    • Enter about:config in the Address/URL bar.
    • Press the button to agree to be careful (if you haven't done this previously).
    • Enter insecure in the Filter bar to limit display to just options containing 'insecure'.
    • Double-click on each of the following two options to toggle them between true and false. Set them to false:
        security.insecure_field_warning.contextual.enabled
        security.insecure_password.ui.enabled
    • Enter autofill in the Search bar.
    • Double-click on signon.autofillForms.http and toggle it to true.
    NOTE: if any of the above options are not found, you can create them manually. Right-click (control-click on Apple) an empty space in the option list. Click New | Boolean. Enter the option name and appropriate true/false value.
Doug Wilson, "The Makai Guy"
Win10 (64bit): FF 52.9.0 ESR (64bit), TB 60.3.0 (32-bit) ║ Android 8.0/7.1.1: FF 62.0.1 No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers

lucideer
 
Posts: 178
Joined: May 17th, 2009, 6:47 pm
Location: Ireland

Post Posted August 2nd, 2018, 10:33 am

makaiguy wrote:This does not mean that the site you are trying to log in to has suddenly become insecure. This situation has always been there, but the folks at Mozilla just decided they'd warn you about it.


This isn't true. The kind folks at Mozilla don't decide to warn their users about things for no reasons—they are doing this because this has *always* been insecure and we're trying to move to a more secure web.

makaiguy wrote:If you just don't want FFox to warn you of these insecure connections, do this:


This is dangerous advice. Please don't ask people to disable security settings in their Firefox install.


I'm a long-time-inactive former MozillaZine user/poster and I came here today after a long hiatus specifically to discuss a separate issue. It's a long time since I logged into the site, and I was really shocked to realise it was a non-HTTP forum. This is basically unacceptable for any slightly privacy-aware educated user on the modern internet.

If anyone needs help setting up HTTP for the mozillaZine server, I'm more than willing to help out. Is there a thread somewhere where this work is in progress?

DanRaisch
Moderator

User avatar
 
Posts: 120456
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted August 2nd, 2018, 3:40 pm

If anyone needs help setting up HTTP for the mozillaZine server, I'm more than willing to help out. Is there a thread somewhere where this work is in progress?


I'm assuming you mean "setting up HTTPS".
As far as we are aware, there is nothing in progress on that and probably won't be. Is there really anything that sensitive being posted on this open, public forum to make that an issue?

James
Moderator

User avatar
 
Posts: 27434
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted August 2nd, 2018, 4:12 pm

lucideer wrote:This is basically unacceptable for any slightly privacy-aware educated user on the modern internet.

If anyone needs help setting up HTTP for the mozillaZine server, I'm more than willing to help out. Is there a thread somewhere where this work is in progress?

This site is not a store or bank or such. I'm sure kerz is aware of options like say https://letsencrypt.org/ as he has a life and is busy at Google and has been generous in still keeping mozillaZine up and running as is.

Return to MozillaZine Site Discussion


Who is online

Users browsing this forum: No registered users and 6 guests