Beginning a couple of days ago I am being notified by Firefox that the password sign in process for this forum is not secure.
Has it always been this way, or has something changed? What can I do to make it a secure process?
Thanks.....
Original Post
Replies sorted oldest to newest
I have not seen this, and I use Firefox on all my computers and the iPad.
The login process here does not need to be "secure." The site is not run in encrypted mode via SSL because there is no need to. The login here is via "http" as opposed to "https" which is found on a secure site like a web store. If you are using "https" to log in here, I could see how you would get that warning. The browser is expecting to see a secure connection (https) but instead is served a regular web page via a standard "http" page call.
Rich, this just started popping up for me on a couple of sites, I think FF made some change that broke something. It clearly seems to be looking for a secure site where none exists.
I am on RCCrawler forum and it popped up there as well...user name at the bottom of the warning box..click and logged in.
Rich, happens here now with FF for me. See notice below password prompt.
Attachments
Me too. Fix one thing, break another
Thanks, fellows, for chiming in. At least it appears to be something other than my computer.
Firefox says your login is not secure (https). Rich confirmed that.
Farmer_Bill posted:Firefox says your login is not secure (https). Rich confirmed that.
You need to read his reply again. I'm NOT using HTTPS to try to login to the site, and Rich says he doesn't get the warning. Obviously, something changed recently with Firefox.
For anyone using Firefox, here's the fix, this from the Mozilla support forum.
I managed to get the old behavior - no warning, login page opening with username and password populated, by changing 3 preferences in about:config
security.insecure_password.ui.enabled - change to False
security.insecure_field_warning.contextual.enabled - change to False
signon.autofillForms.http - change to True
I do think it is ridiculous that such a change should be made, creating so much potential bother, requiring furtling around in concealed, obscure configuration options to revert for those the change seriously inconveniences.
I also think it's ridiculous that there is only an all or nothing situation. There SHOULD be a 'Got it: don't show warning on this site again' tickbox option on the warning so that one can revert to previous behavior on a site by site basis after the user has been warned but decided to still use that site and login.
Does anyone read release notes anymore?
Attachments
Images (1)
We assumed it was Firefox, the issue was how to fix it.
I think the guy's last point was correct, there should have been a way to eliminate the prompt on a given site once it's popped up. That would have been the right way to "fix" this, not the brute force and in your face stupid way they did it!
With anything else, usually these are corrected once the programmers that write this figure out that it was wrong of them to assume. Look at some of the stuff on this very forum software that someone thought was a good idea was corrected later.
Easy enough to go back and revise it once they get enough complaints.
Any site hosting personally identifiable information (PII) has a duty to secure that data. Deploying SSL is trivial from an administrative point of view and is a measure that one should take. "Web stores" are not the only sites that should be covered by SSL. That is an antiquated approach, in this IT consultants opinion.
Yes but to Johns point, an initial warning is a great idea, the option to turn off the warning would be preferred.
