Now Reading
Firefox will mark webpages as insecure if they send passwords over HTTP

Firefox will mark webpages as insecure if they send passwords over HTTP

by AshwinOctober 24, 2015

Mozilla has unveiled its plans to make yet another changes to its popular browser, Firefox.

Mozilla Firefox Nightly HTTP Insecure Icon

The new idea isn’t actually a bad one though.

Mozilla wants to improve the security of the browser, by marking webpages as insecure if they send passwords over HTTP. If you don’t know what that means, here’s a brief explanation. When you login to a wen service (email, social network,etc), your browser transmits the data through a web protocol. This is usually done through the secure protocol, HTTPS, You might have noticed it on banking and shopping websites. It is the small lock icon which appears next to the address bar of the browser, indicating that the web page is secure, i.e., encrypted.

However, in the case of the regular HTTP protocol, there is no encryption whatsoever, and as a result data transmitted over this protocol, is considered to be vulnerable. So attackers tend to use this information to steal identities or hack into accounts. Imagine the same, when a website uses HTTP for passwords, i.e. when you login. Your login credentials would be sent to the server in encrypted format, (plaintext), and this puts a greater risk to the user and the user’s data.

This is exactly the kind of scenario that Mozilla wants to avoid. In the latest nightly version of Firefox (version 44), the company has enabled an option which highlights if a webpage where you login is secure or not, reports The Next Web. This is a built-in feature, and does not require a toggle.

As you can see in the screenshot above, courtesy Twitter user Richard Barnes, Firefox will display a lock symbol with a cross on it, signifying that the connection is not secure. Of course, it will not prevent the user from logging in, that would be unethical. But still, this is a good step in improving the user’s security.

Download Firefox Nightly from the official website, if you want to see the new feature in action.

Mozilla will be removing support for NPAPI plugins in Firefox next year, as it has laid out plans to beef up the security of the browser. It will also be migrating to WebExtensions soon, which could mean the end of some popular add-ons, as not all developers are keen on completely re-working on their creations. Speaking of which, add-on developers will be required to submit their extensions to Mozilla for approval, and any unsigned add-on will not work in future versions of Firefox.