Mozilla plans to launch an update for the built-in password manager in Firefox that will make HTTP passwords work on HTTPS sites as well.
If you use the built-in functionality to save passwords in Firefox currently, you may know that the manager distinguishes between HTTP and HTTPS protocols.
When you save a password for http://www.example.com/, it won’t work on https://www.example.com/. When you visit the site using HTTPS later on, Firefox won’t suggest the username and password saved previously when connected via HTTP.
One option was to save passwords for HTTP and HTTPS sites separately, another to open the password manager and copy username and password manually whenever needed on the HTTPS version of a site.
With more and more sites migrating to HTTPS, or at least providing users with a HTTPS option to connect to it, it was time to evaluate the Firefox password manager behavior in this regard.
Firefox 49: HTTP passwords on HTTPS sites
Mozilla made the decision to change the behavior in the following way starting with the release of Firefox 49.
Passwords for the HTTP protocol will work automatically when connected via HTTPS to the same site. In other words, if a HTTP password is stored in Firefox, it will be used for HTTP and HTTPS sites when Firefox 49 is released.
The other way around does not however. Passwords saved explicitly for HTTPS, won’t be used when a user connects to the HTTP version of the site. The main reason for this is security. More precisely, because HTTP does not use encryption, and that password and username may be recorded easily by third-parties.
If you have a saved HTTPS username/password for a given domain, we will not populate those credentials on the HTTP version of the same domain.
Check out the bug listing on Bugzilla if you are interested in the discussion that led to the change in Firefox 49.
Closing Words
Firefox users who use the password manager of the web browser may notice the change once their version of the browser is updated to version 49. It should make things a bit more comfortable for those users, especially if a lot of HTTP passwords are saved already.
With more and more sites migrating over to HTTPS, it is likely that this will be beneficial to users of the browser. (via Sören)
Now You: Do you use the native password manager in Firefox?