Back to all posts

FireFox and Insecure Password Notifications

Posted on Mar 09, 2017

Posted in category:

Passwords are something we talk about as developers a lot when working with custom systems. We talk about the logistics of how to reset them, how to store them, and related back-end options. It is often simply assumed that we will be using SSL when we submit these passwords to our websites. This assumption, however, is often a big oversight and exposes a potential point of risk to websites. I'm blogging about this today, because FireFox, starting with Version 52 introduces a feature that calls all of us developers on any oversight in this situation.

What's New in Version 52

Per this help document, the version 52 release adds new features to FireFox that for any password field that would be submitted via a non-HTTPS channel a warning will be shown that the user must acknowledge before they are able to continue.

What Does This Mean to Us

Although this move is currently only completed in FireFox, I think it is very important to use this as an opportunity to encourage those operating sites without secure logins to resolve the issue, and implement SSL on their site like they should. For those working with Content Management System clients, and otherwise it is something that is often overlooked. As the web-browsers become more intelligent it is important for us to stay ahead. We are in an age where if we cut corners as developers, or site administrators, we will start to get called on those transgressions.

SSL Certificates are cheap, and implementation is very simple, if you have a site that is unsecured today, please consider resolving soon. As always, share any comments or questions below!