Insecure logins
-
- Posts: 119
- Joined: November 17th, 2005, 10:38 pm
Insecure logins
When I attempted to log in to the mozillaZine forum I got a warning: "This connection is not secure. Logins entered here could compromised. Learn more." /color] "Learn more" suggested typing https:// before the URL. Doing this results in an "Unable to connect" message. This is the very first time I ever got this warning.
- DanRaisch
- Moderator
- Posts: 127188
- Joined: September 23rd, 2004, 8:57 pm
- Location: Somewhere on the right coast
Re: Insecure logins
Moving to Firefox Support as this is not a Thunderbird issue.
- MarkRH
- Posts: 1358
- Joined: September 12th, 2007, 2:30 am
- Location: Edmond, OK
- Contact:
Re: Insecure logins
Read this thread: http://forums.mozillazine.org/viewtopic ... &t=3028500
Basically Firefox now warns when sending passwords over http connections. You can turn off this warning with about:config changes. Nothing has changed really, it just tosses out a warning now.
Basically Firefox now warns when sending passwords over http connections. You can turn off this warning with about:config changes. Nothing has changed really, it just tosses out a warning now.
Mark H.
My Firefox Config
My Firefox Config
- Happy112
- Posts: 485
- Joined: April 15th, 2017, 10:25 am
- Location: Never-Never-Land
Re: Insecure logins
@coolmanch :
If you really don't want to see these warnings again, you can turn them off in about:config, like MarkRH already said :
Type in the address bar 'about:config' (without the quoation marks)
(promise to be careful, is asked)
Type and search for the following two preferences :
'security.insecure_field_warning.contextual.enabled' (without the quotation marks)
and :
'security.insecure_password.ui.enabled' (without the quotation marks)
and set both values to 'false'.
Would you first take a look at this article, please ?
https://blog.mozilla.org/security/2017/ ... cure-http/
If you really don't want to see these warnings again, you can turn them off in about:config, like MarkRH already said :
Type in the address bar 'about:config' (without the quoation marks)
(promise to be careful, is asked)
Type and search for the following two preferences :
'security.insecure_field_warning.contextual.enabled' (without the quotation marks)
and :
'security.insecure_password.ui.enabled' (without the quotation marks)
and set both values to 'false'.
Would you first take a look at this article, please ?
https://blog.mozilla.org/security/2017/ ... cure-http/
-
- Posts: 119
- Joined: November 17th, 2005, 10:38 pm
Re: Insecure logins
My concern is not about the message itself; it's about the fact that if you click on "Read more" you get instructions to put "https://" before the URL.When I did that I got an "Unable to connect" message.
- dfoulkes
- Posts: 22525
- Joined: June 28th, 2008, 10:31 pm
- Location: Mesquite, Nevada
Re: Insecure logins
That is because Mozillazine does not support https.... the https stuff is normally associated with high secured sites... like banks etc... this site does not need that... just do what Happy112 said.
As you can see she's (The CAT) always alert and on the prowl for Meoware !!
- lovemyfoxy
- Posts: 2337
- Joined: December 11th, 2009, 11:23 am
- Location: USA
Re: Insecure logins
That's why Happy112 is happy.
So HTTPS Everywhere does what with sites that don't have the "S"? Refuses to connect you? Would it negate the 2 about:configs I just did?
So HTTPS Everywhere does what with sites that don't have the "S"? Refuses to connect you? Would it negate the 2 about:configs I just did?
2 Desktops--Win 7 Ult.SP1 x64/6GB RAM /Firefox 52.9ESR/Waterfox64 2022.11/Thunderbird 52.9ESR/BitWarden PW Manager/Verizon FIOS wired network
- Happy112
- Posts: 485
- Joined: April 15th, 2017, 10:25 am
- Location: Never-Never-Land
Re: Insecure logins
If it's not the warning itself that's bothering you - then just ignore my previous post.coolmanoh wrote:My concern is not about the message itself; it's about the fact that if you click on "Read more" you get instructions to put "https://" before the URL.When I did that I got an "Unable to connect" message.
What's important though : does this happen on MozillaZine only ?
If so, then what dfoulkes said is true : you don't need to change it to 'https' on this site.
If, however, you get this on other sites as well, then you could go to about:config and set the value of the following preference to 'false' : 'browser.urlbar.autoFill' (without the quotation marks).
-
- Posts: 845
- Joined: January 25th, 2007, 2:49 pm
- Location: So. U.S.A.
Re: Insecure logins
Just a thought...dfoulkes wrote: Mozillazine does not support https.... the https stuff is normally associated with high secured sites... this site does not need that...
Nothing to do w/ OP's original question, but a very significant number of "low security" sites, like forums, now use https. At least on login pages.
1) HTTPS is unimportant on a Mozillazine type sites, if you don't care about hackers stealing your login data; then posing as you; or don't mind them stealing your email address, even if they can't login;
...if it's not a forum where you're discussing personal issues, and say an abusive ex-spouse or stalker sniffs your PW, then reads all of your comments;
...for non-technical or lazy or "it'll never happen to me" type users that still use one PW for many sites, stolen PWs are big trouble.
2) I see more & more people asking "typical" site operators to add https - at least for login, and more sites complying.
- lovemyfoxy
- Posts: 2337
- Joined: December 11th, 2009, 11:23 am
- Location: USA
Re: Insecure logins
error
2 Desktops--Win 7 Ult.SP1 x64/6GB RAM /Firefox 52.9ESR/Waterfox64 2022.11/Thunderbird 52.9ESR/BitWarden PW Manager/Verizon FIOS wired network