A secure webpage will have an address that begins with https:// and a lock icon in the address bar. If a login page you're viewing does not have a secure connection, the Firefox address bar will show a lock icon with a red strike-through .

If you enter a password on an insecure webpage, eavesdroppers or attackers could steal it. You will also see a warning message when you click inside the login box to enter a username or password.

What can I do if a login page is insecure?

If the login page is not secure, check if a secure version exists by adding https:// in front of the website address. You can also contact the website administrator and ask them to secure the connection. Otherwise, it is not recommended that you submit any information through the page.

About insecure pages

Insecure pages do not provide secure connections for visitors. Instead, they use an unencrypted (HTTP) connection, and any information shared with these pages is at risk. Pages that need to transmit private information (such as credit cards, personal information and passwords) need to have a secure connection to help prevent attackers from stealing your information.

You should not enter private information, such as passwords or any personal detail, on a page with an insecure connection. The information you enter over an insecure connection can be stolen. To learn more, see How do I tell if my connection to a website is secure?

Note for developers

For developers looking to learn more about this warning, please see this MDN Web Docs page. The documentation explains when and why Firefox shows this warning, and provides some details on how to fix the issue. For more information, see this Mozilla blog post.