With each passing day, it feels like there are more revelations coming out about spying by various nefarious actors. In an effort to make it harder on attackers, the industry as a whole is continuing the push to reduce HTTP connections and move to HTTPS. To help move things along and provide more user awareness, both Firefox and Chrome will start labeling certain HTTP connections as insecure.
Starting with Firefox 51 and Chrome 56, HTTP pages that contain password forms will display a non-secure warning in the address bar. Chrome takes it even further by including credit card forms as well. With HTTPS, it makes it harder for attackers to steal information, critical when it comes to passwords and credit card information. By warning the user about this, it will make them think twice before using an insecure website to enter their password. Hopefully, the user will then go on to complain to the service about the lack of HTTPS support.
While this labelling is only rolling out for forms with sensitive information, Firefox is planning to take it to the next level. Down the road, the browser is expected to label all HTTP connections as insecure. While this may help push the adoption of HTTPS, it risks inundating the user with information. This may cause them to dismiss the insecure label altogether even when it is warning about a password form.
