Insecure logins

User Help for Mozilla Firefox
Post Reply
coolmanoh
Posts: 119
Joined: November 17th, 2005, 10:38 pm

Insecure logins

Post by coolmanoh »

When I attempted to log in to the mozillaZine forum I got a warning: "This connection is not secure. Logins entered here could compromised. Learn more." /color] "Learn more" suggested typing https:// before the URL. Doing this results in an "Unable to connect" message. This is the very first time I ever got this warning.
User avatar
DanRaisch
Moderator
Posts: 127166
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Insecure logins

Post by DanRaisch »

Moving to Firefox Support as this is not a Thunderbird issue.
User avatar
MarkRH
Posts: 1357
Joined: September 12th, 2007, 2:30 am
Location: Edmond, OK
Contact:

Re: Insecure logins

Post by MarkRH »

Read this thread: http://forums.mozillazine.org/viewtopic ... &t=3028500

Basically Firefox now warns when sending passwords over http connections. You can turn off this warning with about:config changes. Nothing has changed really, it just tosses out a warning now.
User avatar
Happy112
Posts: 485
Joined: April 15th, 2017, 10:25 am
Location: Never-Never-Land

Re: Insecure logins

Post by Happy112 »

@coolmanch :

If you really don't want to see these warnings again, you can turn them off in about:config, like MarkRH already said :

Type in the address bar 'about:config' (without the quoation marks)
(promise to be careful, is asked)
Type and search for the following two preferences :
'security.insecure_field_warning.contextual.enabled' (without the quotation marks)
and :
'security.insecure_password.ui.enabled' (without the quotation marks)
and set both values to 'false'.

Would you first take a look at this article, please ?

https://blog.mozilla.org/security/2017/ ... cure-http/
coolmanoh
Posts: 119
Joined: November 17th, 2005, 10:38 pm

Re: Insecure logins

Post by coolmanoh »

My concern is not about the message itself; it's about the fact that if you click on "Read more" you get instructions to put "https://" before the URL.When I did that I got an "Unable to connect" message.
User avatar
dfoulkes
Posts: 22525
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Re: Insecure logins

Post by dfoulkes »

That is because Mozillazine does not support https.... the https stuff is normally associated with high secured sites... like banks etc... this site does not need that... just do what Happy112 said.
As you can see she's (The CAT) always alert and on the prowl for Meoware !!
User avatar
lovemyfoxy
Posts: 2337
Joined: December 11th, 2009, 11:23 am
Location: USA

Re: Insecure logins

Post by lovemyfoxy »

That's why Happy112 is happy.

So HTTPS Everywhere does what with sites that don't have the "S"? Refuses to connect you? Would it negate the 2 about:configs I just did?
2 Desktops--Win 7 Ult.SP1 x64/6GB RAM /Firefox 52.9ESR/Waterfox64 2022.11/Thunderbird 52.9ESR/BitWarden PW Manager/Verizon FIOS wired network
User avatar
Happy112
Posts: 485
Joined: April 15th, 2017, 10:25 am
Location: Never-Never-Land

Re: Insecure logins

Post by Happy112 »

coolmanoh wrote:My concern is not about the message itself; it's about the fact that if you click on "Read more" you get instructions to put "https://" before the URL.When I did that I got an "Unable to connect" message.
If it's not the warning itself that's bothering you - then just ignore my previous post.
What's important though : does this happen on MozillaZine only ?
If so, then what dfoulkes said is true : you don't need to change it to 'https' on this site.
If, however, you get this on other sites as well, then you could go to about:config and set the value of the following preference to 'false' : 'browser.urlbar.autoFill' (without the quotation marks).
phkhgh
Posts: 845
Joined: January 25th, 2007, 2:49 pm
Location: So. U.S.A.

Re: Insecure logins

Post by phkhgh »

dfoulkes wrote: Mozillazine does not support https.... the https stuff is normally associated with high secured sites... this site does not need that...
Just a thought...
Nothing to do w/ OP's original question, but a very significant number of "low security" sites, like forums, now use https. At least on login pages.
1) HTTPS is unimportant on a Mozillazine type sites, if you don't care about hackers stealing your login data; then posing as you; or don't mind them stealing your email address, even if they can't login;
...if it's not a forum where you're discussing personal issues, and say an abusive ex-spouse or stalker sniffs your PW, then reads all of your comments;
...for non-technical or lazy or "it'll never happen to me" type users that still use one PW for many sites, stolen PWs are big trouble.

2) I see more & more people asking "typical" site operators to add https - at least for login, and more sites complying.
User avatar
lovemyfoxy
Posts: 2337
Joined: December 11th, 2009, 11:23 am
Location: USA

Re: Insecure logins

Post by lovemyfoxy »

error
2 Desktops--Win 7 Ult.SP1 x64/6GB RAM /Firefox 52.9ESR/Waterfox64 2022.11/Thunderbird 52.9ESR/BitWarden PW Manager/Verizon FIOS wired network
Post Reply