Firefox 70 will issue warnings on http sites and leaked passwords

Firefox will mark web pages without https as unsafe from version 70. Until now, this happened the other way around and https pages were marked as safe. In addition, Firefox will issue warnings when using vulnerable passwords.

Mozilla is following Google’s lead with the warning. That has been showing a big warning for unencrypted websites since Chrome 68, which came out last year. The change is not entirely new for Mozilla either; the company has been working on it since 2017. Previously, the company already showed warnings for input fields on websites where no https was available.

The warning will appear on websites, but also on FTP connections and certificate errors, developer Johann Hofmann tells ZDnet. According to Mozilla, users no longer need to read that a website is safe, because more than eighty percent of all sites are now encrypted with https.

In addition to the insecurity indicator, Firefox 70 will receive integration with the database of data breach search engine Have I Been Pwned. If users enter a password or e-mail address that has been found in a data breach in a field, they will see a notification. This only happens if both the e-mail address and the password in a breach are known to Have I Been Pwned. The feature is tied to Lockwise, Firefox’s integrated password manager. Mozilla would also consider offering paid services around that service, but in what form that will happen is not yet known.