Firefox: disable "This Connection is not Secure" warnings - gHacks Tech News

Firefox: disable "This Connection is not Secure" warnings

Firefox displays "This Connection is not Secure. Logins entered here could be compromised" warning messages when sites don't protect their login pages with HTTPS.

The idea behind the feature is to display a visual reminder to Firefox users that the data that they enter into a form is not protected when they hit the login or submit button on websites that don't use HTTPS.

While that is a handy reminder for many inexperienced Firefox users, experienced users may not find it super handy to have.

The main reason for that is that you can look at the page address, or the lock icon, displayed in the browser's address bar to see the same thing. If there is a red strike-through lock icon, and if the site is not using https, then anything that you enter on the site and submit is not encrypted and thus readable.

This Connection is not Secure

this connection is not secure

The prompt, as useful as it may be to some users, may cause two issues for other users. First, it prevents that login information is filled out automatically on affected sites.

Firefox's password manager won't fill out the information automatically, so that you need to do so manually in some way. This may be the sane thing to do on new sites, but if you are a regular on a site that has not just yet switched to HTTPS, you may trust the site enough to want Firefox to continue filling out the information to improve the login process.

The second issue is not as dramatic, but the prompt may overshadow other page elements. If the username and password prompt are displayed vertically, the username prompt warning may overshadow the password field.

Mozilla notes that you can just hit Enter to dismiss it, but this did not work for me. Whenever I hit the Enter-key, the data was submitted. Clicking outside the box helps however and dismisses the box.

Disabling the contextual warning

security insecure field firefox

Here is how you disable the "this connection is not secure" warning in Firefox:

  1. Load about:config in the Firefox address bar and hit the Enter-key.
  2. Search for security.insecure_field_warning.contextual.enabled.
  3. Double-click the preference.

The default value of the preference is true, which means that the feature is enabled and that Firefox will display warning prompts when you activate insecure login fields. If you set it to false, those warnings are not shown.

Toggling the preference won't have any effect on the automatic filling out of forms on HTTP pages.

firefox autofill http

You need to modify another preference of the Firefox web browser for that.

  1. Open the about:config page again.
  2. Search for signon.autofillForms.http.
  3. Double-click the preference.

The default value of false prevents the Firefox web browser from filling out form information on HTTP pages. If you set it to true, Firefox will auto-fill form pages on HTTP pages as well.

Closing Words

The warnings will become less and less as time passes as more and more sites will migrate to HTTPS.  The warnings may raise awareness, and that is definitely a good thing. Statistics on how many users are leaving the login pages of sites where the warning message is displayed would be useful

Now You: Do you find the prompts useful?

Summary
Firefox: disable "This Connection is not Secure" warnings
Article Name
Firefox: disable "This Connection is not Secure" warnings
Description
Find out how to disable the "This Connection is not secure" warning message in Firefox when you try to log in to websites using the browser.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Elias Fotinis said on June 13, 2017 at 8:13 am
      Reply

      Anyone in programming, I.T. or customer support knows that these things are totally useless. Just a mild annoyance to those who know what they’re doing. The rest will click through everything. We already have popups about cookies, fullscreen, location, camera/mic. Why not just put up a giant warning when starting a session, saying “The internet is bad, mmmmkay?” You really can’t teach adults how to be careful, trustworthy, responsible, etc. Not by laws and certainly not by warning labels.

      1. Skyfoogle69 said on June 13, 2017 at 8:33 am
        Reply

        I agree that the cookie warnings are just unnecessarily annoying. However, I definitely think that it’s a good thing, that your browser asks you, if you want to share your location data or if you want to give the site access to your mic/camera. Otherwise everybody would just do it. Or would you prefer e. g. Google listening and literally watching you all the time?

        1. Lionman said on August 25, 2017 at 1:26 pm
          Reply

          > Or would you prefer e. g. Google listening and literally watching you all the time?
          You don’t really have a choice.
          As if a single half-assed notification will stop Google Analytics from keeping watch on you.

      2. Jed said on June 13, 2017 at 2:36 pm
        Reply

        > You really can’t teach adults how to be careful, trustworthy, responsible, etc. Not by laws and certainly not by warning labels.

        That’s untrue, see the food market as an example. Informed users make decisions based on information provided, it just needs to be presented in a way that lets us take a decision after just a quick glance at it.

        Warning fatigue is slightly different and is indeed related to “getting in the way” and “being obnoxious”.

    2. Skyfoogle69 said on June 13, 2017 at 8:26 am
      Reply

      “but if you are a regular on a site that has not just yet switched to HTTPS, you may trust the site enough to want Firefox to continue filling out the information to improve the login process.”

      It doesn’t have anything to do with trusting the site tho, does it? The website sees what your doing anyway. Correct me if I’m wrong but isn’t https more for protection of man-in-the-middle attacks then for anything else? Requested http sites can be manipulated and read from anybody inside your local network as well as from anybody else that sits between you and the actual site.

      So it’s not actually about trusting the website but trusting your local network, your ISP etc.

      1. Martin Brinkmann said on June 13, 2017 at 8:28 am
        Reply

        You are right, that is the most important factor.

    3. Thorky said on June 13, 2017 at 8:52 am
      Reply

      Hi, has signon.autofillForms.http to be on false (default) oder true?

      Please don’t set a dot behind about:config-terms like signon.autofillForms.http … some guys may copy the dot too, which causes trouble. ;)

      1. Martin Brinkmann said on June 13, 2017 at 8:56 am
        Reply

        If you want auto fill on insecure pages (HTTP), you set the value to true.

    4. Curtis K said on June 13, 2017 at 12:09 pm
      Reply

      An company/developer (stupid) reported about this on BMO (Bugzilla @Mozilla) called: Oil and Gas International (search Oil and Gas International Mozilla) see https://arstechnica.com/security/2017/03/firefox-gets-complaint-for-labeling-unencrypted-login-page-insecure/ and https://www.bleepingcomputer.com/news/security/developer-complains-firefox-labels-his-site-as-insecure-hilarity-ensues/

    5. b said on June 13, 2017 at 12:15 pm
      Reply

      I find this feature very useful. as for sites that I visit regularly, I recently chose to send a mail( alias of course ) with screenshots asking politely if they would please consider to migrate to HTTPs. so far 2 sites did.

    6. jasray said on June 13, 2017 at 4:01 pm
      Reply

      “A site that has not just yet switched to HTTPS” needs to be avoided. An SSL Certificate is inexpensive enough for any site that is worth visiting. If the admin of a site is so inexperienced and cheap that he/she won’t/can’t’ add a simple feature, then the site should be boycotted, blocked, avoided, denounced, trashed, hacked–whatever it takes–to wake the lazy creature from the slumber of stupidity and gross negligence. SSL is really a feature that tells visitors that “We care.”

      Donation Coder, by the way, uses https://–

      https://www.donationcoder.com/forum/index.php

      1. duffy said on June 18, 2017 at 12:04 am
        Reply

        Not true. If it’s an informational site there is no value in making it https. Especially if there are no accounts involved. Sure I believe responsible sites -should- do it. There is no danger in going to it, other than pissing off https zealots, and that might be a good reason to leave it at just http, just knowing there are such zealots rage quitting your site.

      2. andy said on December 1, 2017 at 3:25 pm
        Reply

        How is an ssl certificate cheap. Most I have seen cost money and as I only play with websites as a hobby I dont need to be tolld its insecure.

        whats worse is not being able to access my webhost manager as even adding an exception leads to a 404.

        its more money grabbing for someone.

    7. Clairvaux said on June 13, 2017 at 5:41 pm
      Reply

      What takes the biscuit is when you get a warning — not this type, the one that covers the whole page and refuses to take you there, saying the site is not secure or something — for security-related sites.

    8. dmacleo said on June 13, 2017 at 9:03 pm
      Reply

      anyone know if this can be applied through a group policy setting on windows domain?
      have not dug into firefox adm files to see.

    9. mikef90000 said on June 13, 2017 at 10:27 pm
      Reply

      This feature doesn’t bother me as I rarely encounter it.
      What is Far more annoying are the useless dialogs that complain about an ‘invalid (https) site configuration’ or somesuch AND REFUSE to provide more details AND an option to ‘Proceed With Caution’.

      The unsupervised dev-children at Mozilla are Really starting to annoy me.

    10. Juris said on June 25, 2017 at 7:17 pm
      Reply

      Thanks. Very help me!!! :)

    11. Mr Janus said on July 16, 2017 at 8:49 pm
      Reply

      Thanks for this info. I run a remote desktop connection to my server, where I login to my SmarterMail installation for administration purposes. Whilst I can see how these warnings might have some use, they are just annoying on LAN based remote desktop connections. They also prove to be extremely annoying in login boxes, where the warning obscures the bottom text entry box… as is the case with SmarterMail.

      Sadly, this is all too common with Firefox’s attitude to users and functionality. It’s a case of “Sod the users, let’s just make a point”. Thankfully, there are users like yourself who are providing the solutions that the Firefox team couldn’t be bothered to think about. They need to remove the blinkers every now and again and take a good look at the real world.

    12. shoey said on July 29, 2017 at 5:43 am
      Reply

      i have windows 10. i tried the 2 steps above but it still doesnt work, still say connection not secure, any suggestions?

    13. Anonymous said on August 23, 2017 at 7:35 am
      Reply

      Thanks a lot. that was useful.

    14. hector said on October 10, 2017 at 4:56 am
      Reply

      thanks to this stupid alert I have two fuckings hours dealing with selenium because when I execute the method accept in the alert. it redirects me to the main page of login, thank you so much firefox for wasting my time.

    15. SherwoodSpirit said on November 9, 2017 at 9:59 pm
      Reply

      The warnings come up on (and interfere with) our company internal pages that we must use to log and track our jobs. No one outside this company would give the slightest shit about what’s on these pages. So the warnings are a constant useless annoyance. Thanks for providing the means to make them go the hell away. Firefox has become so consistently annoying in the last couple years. Don’t get me started on New Tab behavior. Ugh.

    16. Roberto said on December 9, 2017 at 9:12 am
      Reply

      Still I can’t open the page I want. Im going to use Chrome :-(

    17. Ulf said on January 30, 2018 at 11:00 pm
      Reply

      Firefox continues to annoy me with this kind of crap. My first reaction was to switch to Chrome.

    Leave a Reply