Blogs

FireFox and Insecure Password Notifications

09 Mar

Passwords are something we talk about as developers a lot when working with custom systems. We talk about the logistics of how to reset them, how to store them, and related back-end options. It is often simply assumed that we will be using SSL when we submit these passwords to our websites. This assumption, however, is often a big oversight and exposes a potential point of risk to websites. I'm blogging about this today, because FireFox, starting with Version 52 introduces a feature that calls all of us developers on any oversight in this situation.

What's New in Version 52

Per this help document, the version 52 release adds new features to FireFox that for any password field that would be submitted via a non-HTTPS channel a warning will be shown that the user must acknowledge before they are able to continue.

What Does This Mean to Us

Although this move is currently only completed in FireFox, I think it is very important to use this as an opportunity to encourage those operating sites without secure logins to resolve the issue, and implement SSL on their site like they should. For those working with Content Management System clients, and otherwise it is something that is often overlooked. As the web-browsers become more intelligent it is important for us to stay ahead. We are in an age where if we cut corners as developers, or site administrators, we will start to get called on those transgressions.

SSL Certificates are cheap, and implementation is very simple, if you have a site that is unsecured today, please consider resolving soon. As always, share any comments or questions below!

tags: General Tech
comments powered by Disqus

Content provided in this blog is provided "AS-IS" and the information should be used at your own discretion.  The thoughts and opinions expressed are the personal thoughts of Mitchel Sellers and do not reflect the opinions of his employer.

Connect with Mitchel

I hope the information here has been helpful. To stay connected you can also subscribe to blog updates via email, contact Mitchel about consulting services, or reach out for assistance via CodeMendor

Content Copyright

Content in this blog is copyright protected.  Re-publishing on other websites is allowed as long as proper credit and backlink to the article is provided.  Any other re-publishing or distribution of this content is prohibited without written permission from Mitchel Sellers.