The most recent Nightly version of the Firefox web browser includes a special notification on websites where login forms are not secured by https to make sure users are aware of the issue.
Not all pages or sites need to be protected by https in my opinion, but there are certain types of sites or pages that should be protected at all times.
This includes online banking services and other services that include financial transactions, sites that store personal information such as photos, videos or messages, and log in pages.
The main reason why these pages and services are more important than others is simple: attackers gain valuable data and information when they snoop on the traffic whereas they may not gain much by snopping on other Internet activities.
All web browsers highlight whether a connection is secure or not as icons in the address bar. Some users colors to make this even clearer to the user.
The most recent version of Firefox Nightly, currently at version 44, ships with a change that notifies Firefox users when pages with password inputs are not protected by https.
The new “insecure” lock icon in the address bar highlights that the connection to the site is not secure and that data that is entered on the site may be captured by third-parties because of that.
The warning is displayed on login pages that use http and not https, even if the form itself uses https. The reason for that is that scripts may still intercept what has been entered on the page before submit is clicked on in the browser.
A click on the icon highlights the same fact as you can see on the screenshot above.
The new feature catches this only if <input type=”password”> fields are used. Sites could avoid the message by changing the input type, but that would have other consequences. Still, it is best to use it as another indicator but not as a sure-fire way of making sure that a login page is properly protected.
You are probably wondering when this will land in release versions of Firefox. Please note that all development feature may change or be removed entirely before they reach the stable version of Firefox.
If things go as planned, Firefox Stable users should see the new notifications on January 26, 2016 when stable versions of Firefox reach version 44.
Now You: Do you pay attention to the use of https on sites?