Unsecured websites will display a lock with a red strike through it
Mozilla is taking a strong stance against unsecured websites, highlighting those that do not provide secure connections through authentication and encryption between its Firefox browser and web servers.
With Firefox 51, the browse will highlight websites that do not use HTTPS, the secure variant of the HTTP protocol, by displaying a grey lock with a rest diagonal line through it and a message noting the website is not secure. Conversely, sites that use HTTPS will display a green lock.
Mozilla is keen to push web developers into adopting HTTPS rather than leave them to move to the secure protocol at a leisurely pace, given how unsecured sites and web portal are easily and often exploited by hackers and cyber criminals.
“To keep users safe online, we would like to see all developers use HTTPS for their websites. Using HTTPS is now easier than ever. Amazing progress in HTTPS adoption has been made, with a substantial portion of web traffic now secured by HTTPS,” the company said.
“In upcoming releases, Firefox will show an in-context message when a user clicks into a username or password field on a page that doesn’t use HTTPS. That message will show the same grey lock icon with red strike-through, accompanied by a similar message, ‘This connection is not secure. Logins entered here could be compromised.’
“As our plans evolve, we will continue to post updates but our hope is that all developers are encouraged by these changes to take the necessary steps to protect users of the Web through HTTPS.”
HTTPS is not exactly a new protocol but there are still plenty of websites that have not adopted it, which has prompted the likes of Google to take action to effectively shame websites without HTTPS from January onwards.
Without the protocol, there is a risk that nefarious actors could snoop on a users unencrypted data and modify a website before a visitor gets to it, potentially resulting in data theft.
However, adoption of HTTPS is gathering pace with WordPress rolling out free HTTPS encryption to all the custom domains it hosts.
Are you a security pro? Try our quiz!