Home Main Forums Help & Q&A Got "insecure password" warning from Mozilla

  • arendt (1432 posts)
    Profile photo of arendt

    Got "insecure password" warning from Mozilla

    Got this when I went to login after a power glitch. First time I have received this warning. Thought I would pass it along to the admins.

    Insecure password warning in Firefox

    This is a new feature that is available starting in Firefox version 51.
    Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

    Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.
     
    What can I do if a login page is insecure?
    If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.

    Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.

    Babel 17, PADemD like this

You must be logged in to reply to this topic.

▼ Hide Reply Index
16 replies
  • leveymg (3495 posts)
    Profile photo of leveymg

    1. Or use a burner password for all but your banking info.

    Most sites should not require a password.  It just gives them an inflated appearance of self-importance.

    • arendt (1432 posts)
      Profile photo of arendt

      2. Unless a password is 2048 random bits, it can be cracked

      So, yeah, passwords are a joke against real cyberwarfare.

      I don’t know how much work it is for the admins to switch to https. I also don’t know what kind of load https would put on JPR’s already straining DB engine.

      • leveymg (3495 posts)
        Profile photo of leveymg

        3. Unless someone can cash a check with your password, don't worry about it

        The same goes for Podesta’ s email.  An awful lot is made about vulnerabilities and hacking in today’s world, and the efforts taken to amplify people’s insecure is usually just to manipulate the public or sell a product.

      • Marym625 (26488 posts)
        Profile photo of Marym625 Admin

        10. I don't have a clue how difficult that is

        But I’ll add it to our to do list.

        Within the next couple weeks, hopefully, we’ll be faster and have a couple other upgrades

        "Once the decision was made to go into Iraq as an invader and occupier,  it’s like our nation lost its conscience. And it has not yet gotten that conscience back." Madfloridian  
        • arendt (1432 posts)
          Profile photo of arendt

          13. 2048 is for serious, paranoid crypto folks

          It is 256 8-bit chars.

          I don’t think anyone expects JPR to provide world class encryption. I was just commenting that just about any website is insecure.

          I don’t track this stuff. I would have to Google what encryption level is used to protect credit card and financial info.

          Please don’t spend time on 2048 bit just because I mentioned it.

          • Marym625 (26488 posts)
            Profile photo of Marym625 Admin

            14. Ok. Thank you!

            "Once the decision was made to go into Iraq as an invader and occupier,  it’s like our nation lost its conscience. And it has not yet gotten that conscience back." Madfloridian  
    • ThomPaine (4560 posts)
      Profile photo of ThomPaine Moderator

      11. I disagree. Having a password here might slow down the nit-wits

      that want to disrupt.  It’s unlikely that experts would want to mess with us.

      aka rhett o rick.     The rich treat us like ants. They may avoid stepping on us, but if our home is in the way of their new swimming pool, we can kiss our ants goodbye.
  • Purveyor (2633 posts)
    Profile photo of Purveyor Donor

    4. Getting the same message. What's up with that and why hasn't "admin" addressed

    or commented on the issue?

    • arendt (1432 posts)
      Profile photo of arendt

      5. why? several thoughts

      1 it’s only from latest version of firefox. May not affect many.

      2 only fix is to make the site https. That might be a lot of work or slow site down even more.

      3 there is no real change here. Merely a new warning.

      4 administration seem really busy

      I too would like a response, but I don’t do the work here, so I will wait for them to get around to it.

      • Purveyor (2633 posts)
        Profile photo of Purveyor Donor

        6. Either that or they haven't a clue. Lots of weird stuff, system wise going on

        here as of late.

        • ThomPaine (4560 posts)
          Profile photo of ThomPaine Moderator

          12. If you have issues with the administration of this site, you should take it up

          with the Admins directly in lieu of posting your attacks in here.

          aka rhett o rick.     The rich treat us like ants. They may avoid stepping on us, but if our home is in the way of their new swimming pool, we can kiss our ants goodbye.
      • Marym625 (26488 posts)
        Profile photo of Marym625 Admin

        9. Thank you ardent

        Yep, been a little busy lately. Sorry for the delay in responding

        "Once the decision was made to go into Iraq as an invader and occupier,  it’s like our nation lost its conscience. And it has not yet gotten that conscience back." Madfloridian  
    • Marym625 (26488 posts)
      Profile photo of Marym625 Admin

      8. Just to piss you off. No other reason

      :)

      See my response number 7

      "Once the decision was made to go into Iraq as an invader and occupier,  it’s like our nation lost its conscience. And it has not yet gotten that conscience back." Madfloridian  
  • Marym625 (26488 posts)
    Profile photo of Marym625 Admin

    7. Firefox says anything that uses JavaScript is not secure

    You can search the Google Safe Browsing

    https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=Jackpineradicals.com

    Or use any anti-malware/virus program and see we’re safe.

    Firefox blocks the highlighted picture and other images on our site if you don’t tell it to allow it.

    We’re safe and always have been. :)

    "Once the decision was made to go into Iraq as an invader and occupier,  it’s like our nation lost its conscience. And it has not yet gotten that conscience back." Madfloridian  
    • arendt (1432 posts)
      Profile photo of arendt

      15. Javascript is an UNAVOIDABLE piece of crap

      Its no wonder Firefox says its insecure. It is a cobbled-together hack that programmers hate, and academics disparage; but it rules the front-end (user facing GUI) of the web. People have tried to displace it, but it is unkillable. Think immortal version of Adobe Flash.

       

      • Marym625 (26488 posts)
        Profile photo of Marym625 Admin

        16. Yikes!

        Yes, I don’t believe we can avoid using it here

        "Once the decision was made to go into Iraq as an invader and occupier,  it’s like our nation lost its conscience. And it has not yet gotten that conscience back." Madfloridian