Well, Firefox turned out to be wrong! If you are on an unencrypted page that does not necessarily mean that your password will be transmitted in an unsecure way.
In fact, many page do not use https on purpose, in order to enable better compression, caching, and distributed content delivery.
If you see the warning from Firefox, check the source code of the page you are looking at. Chances are the the from will be submitted to an https-enabled URL, and after verification of your account in a secure way you will be redirected to http again, for the above mentioned reasons.
I would really like to get rid of this "feature", it is getting very annoying! I checked dozens of the sits I usually go to, and for which Firefox showed the warning - not one of them (!) was actually unsecure.
It looks like Mozilla are really proud of this feature: https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861
Unfortunatly their page only has a positive voting button :-(
P,S.: here is how to disable it:
- enter "about:config" in the address bar
- accept the warning
- search for "insecure_field_warning"
- set the value to "false"
No comments:
Post a Comment