User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8 Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8 When you log in to any web site or service (that doesn't use a non-native platform like Flash), Firefox displays a key icon next to the favicon, asking you if you want to save the login info. This is normal. However, the problem lies in the fact that the user may confuse this as an icon indicating the security level of the website itself, like whether the connection is encrypted, website has a valid certificate, etc. Reproducible: Always Steps to Reproduce: 1. Go to any website that requires you to login, like gmail.com. 2. Login. 3. Notice the key icon next to the favicon. It looks just like a security indicator, doesn't it? Actual Results: The key icon may be mistaken for a webpage security indicator. Expected Results: The key icon should be mistaken for a webpage security indicator.
That's a valid concern, requesting user experience feedback.
If the connection is encrypted, the color of favicon's zone changes. Blue if the owner is unknow, green if the owner is know ;).
(In reply to Joël Tang from comment #2) > If the connection is encrypted, the color of favicon's zone changes. Blue if > the owner is unknow, green if the owner is know ;). I realize that, but the average user may not.
With the new identity block, is this bug still NEW or is it WONTFIX? It's been here for a while.
With the new design, it is worse because the icon and background for the password manager looks more like the icon and background for the lock icon.
I'm thinking this is INVALID now - the indicators have changed significantly since this was reported. The lock icon is now green even for non-EV certs and HTTP is starting to be labeled insecure (whoo!). Given that, plus the fact that nothing significant has happened on this bug since the original report, I'm closing.