Firefox displays “This Connection is not Secure. Logins entered here could be compromised” warning messages when sites don’t protect their login pages with HTTPS.
The idea behind the feature is to display a visual reminder to Firefox users that the data that they enter into a form is not protected when they hit the login or submit button on websites that don’t use HTTPS.
While that is a handy reminder for many inexperienced Firefox users, experienced users may not find it super handy to have.
The main reason for that is that you can look at the page address, or the lock icon, displayed in the browser’s address bar to see the same thing. If there is a red strike-through lock icon, and if the site is not using https, then anything that you enter on the site and submit is not encrypted and thus readable.
This Connection is not Secure
The prompt, as useful as it may be to some users, may cause two issues for other users. First, it prevents that login information is filled out automatically on affected sites.
Firefox’s password manager won’t fill out the information automatically, so that you need to do so manually in some way. This may be the sane thing to do on new sites, but if you are a regular on a site that has not just yet switched to HTTPS, you may trust the site enough to want Firefox to continue filling out the information to improve the login process.
The second issue is not as dramatic, but the prompt may overshadow other page elements. If the username and password prompt are displayed vertically, the username prompt warning may overshadow the password field.
Mozilla notes that you can just hit Enter to dismiss it, but this did not work for me. Whenever I hit the Enter-key, the data was submitted. Clicking outside the box helps however and dismisses the box.
Disabling the contextual warning
Here is how you disable the “this connection is not secure” warning in Firefox:
- Load about:config in the Firefox address bar and hit the Enter-key.
- Search for security.insecure_field_warning.contextual.enabled.
- Double-click the preference.
The default value of the preference is true, which means that the feature is enabled and that Firefox will display warning prompts when you activate insecure login fields. If you set it to false, those warnings are not shown.
Toggling the preference won’t have any effect on the automatic filling out of forms on HTTP pages.
You need to modify another preference of the Firefox web browser for that.
- Open the about:config page again.
- Search for signon.autofillForms.http.
- Double-click the preference.
The default value of false prevents the Firefox web browser from filling out form information on HTTP pages. If you set it to true, Firefox will auto-fill form pages on HTTP pages as well.
Closing Words
The warnings will become less and less as time passes as more and more sites will migrate to HTTPS. The warnings may raise awareness, and that is definitely a good thing. Statistics on how many users are leaving the login pages of sites where the warning message is displayed would be useful
Now You: Do you find the prompts useful?