Closed Bug 624064 Opened 14 years ago Closed 7 years ago

When Firefox asks user to save password, the icon may be confused for a security certificate verified icon.

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: strugee, Unassigned)

References

(
URL
)

Details

(Keywords: ux-userfeedback) 

User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8
Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8

When you log in to any web site or service (that doesn't use a non-native platform like Flash), Firefox displays a key icon next to the favicon, asking you if you want to save the login info. This is normal.
However, the problem lies in the fact that the user may confuse this as an icon indicating the security level of the website itself, like whether the connection is encrypted, website has a valid certificate, etc.

Reproducible: Always

Steps to Reproduce:
1. Go to any website that requires you to login, like gmail.com.
2. Login.
3. Notice the key icon next to the favicon. It looks just like a security indicator, doesn't it?
Actual Results:  
The key icon may be mistaken for a webpage security indicator. 

Expected Results:  
The key icon should be mistaken for a webpage security indicator.
That's a valid concern, requesting user experience feedback.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: ux-feedback
If the connection is encrypted, the color of favicon's zone changes. Blue if the owner is unknow, green if the owner is know ;).
(In reply to Joël Tang from comment #2)
> If the connection is encrypted, the color of favicon's zone changes. Blue if
> the owner is unknow, green if the owner is know ;).

I realize that, but the average user may not.
With the new identity block, is this bug still NEW or is it WONTFIX? It's been here for a while.
With the new design, it is worse because the icon and background for the password manager looks more like the icon and background for the lock icon.
I'm thinking this is INVALID now - the indicators have changed significantly since this was reported. The lock icon is now green even for non-EV certs and HTTP is starting to be labeled insecure (whoo!). Given that, plus the fact that nothing significant has happened on this bug since the original report, I'm closing.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.