Firefox 44, non-HTTPS login page

So what Mozilla is aiming to do is to ship Firefox 44 with some new security enhancements: every page, that contains a login form, but is served over plain HTTP, will be marked with the so-really-user-friendly broken padlock. You’ll get the same lock if your login form’s target page is insecure, too, but that should be obvious. FF44 ships this week.

Is this a security enhancement? Hard to say.

• What does a completely average Internet user think when the broken padlock appears on a page that seemed to be completely fine just yesterday?
• Should every developer upgrade some legacy sites that are completely fine par this one thing?
• What about the hobbyists who have installed a bulletin board software in a webhotel but aren’t really any sort of developers?

The whole question of to HTTPS or not to HTTPS is a tough one since it’s so easy to find cases where it really isn’t needed but the enforcing decisions of browser vendors affect them no matter what.

On a personal note I can say that I have a passion for HTTPS. Sounds retarded, maybe so, but I like it. I want to have it everywhere. I have built myself an interest out of it very so that I follow all things HTTPS all the time.

The post Firefox marks non-HTTPS login pages insecure appeared first on Pietari Heino's personal website.