Mozilla engineers are preparing a very intrusive, but quite useful method of warning users that they're about to enter sensitive passwords and log in via an insecure HTTP connection.
Ryan Feeley, a user experience designer for Mozilla Toronto, previewed the upcoming Firefox feature on Twitter this week.
"We’ll let you know when you go to type your password into an insecure (HTTP) page or form," Feeley wrote on Twitter, and posted the following image.
The image shows a panel that drops down from login forms whenever the user tries to enter a password on a page that hasn't been loaded via a secure and encrypted connection (HTTPS).
The warning Feeley teased is much more intrusive than the UI Firefox uses today, which consists of a two-stage dropdown panel that appears only when users click on the "ⓘ" icon shown to the left of the browser's address bar.
Firefox was the first browser to warn users by default when entering credentials on HTTP pages. Mozilla introduced this feature in Firefox 44 Nightly.
Feeley explained on Twitter that the warning's wording might change in the future, as many users thought the default text of "Logins entered here could be compromised" was too alarmist.
Mozilla designers used the same wording when they first added the HTTP login warning to Firefox 44 Nightly, but they eventually removed it in the Firefox 44 Stable branch.
This proposed "in your face" warning makes a lot of sense, since it's been known for years that HTTP traffic is sent in cleartext and can be intercepted through multiple methods.
Scaring users and shaming sites might be a controversial method of advancing the state of Internet security, but the advantages to privacy and personal security are palpable.
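Site owners can find the login pages that would trigger such a warning by checking their own HTML for the condition Feeley describes: a password field on an HTTP page or in an HTTP form. The following is an added example, not Mozilla's code or Firefox's actual logic; the `audit` function, the class name, the reading of "HTTP form" as a form whose action resolves to an `http://` URL, and the sample pages are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAudit(HTMLParser):
    """Record password inputs that sit on an HTTP page or in a form posting over HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.in_form = False
        self.form_action = None   # absolute submit URL of the <form> currently open
        self.findings = []        # (field name, reason) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            # A missing or empty action submits back to the page's own URL.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            name = a.get("name") or "(unnamed)"
            if urlsplit(self.page_url).scheme == "http":
                self.findings.append((name, "page loaded over HTTP"))
            elif self.in_form and urlsplit(self.form_action).scheme == "http":
                self.findings.append((name, "form submits over HTTP"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False
            self.form_action = None


def audit(page_url, html):
    """Return the password fields in `html` that would be exposed in cleartext."""
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    # Constructed sample pages (hypothetical host names).
    samples = [
        ("http://shop.example/login", '<form action="/session"><input type="password" name="pw"></form>'),
        ("https://shop.example/login", '<form action="http://auth.shop.example/s"><input type="PASSWORD" name="pw"></form>'),
        ("https://shop.example/login", '<form action="/session"><input type="password" name="pw"/></form>'),
    ]
    for url, html in samples:
        print(url, audit(url, html))
```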