When Firefox asks user to save password, the icon may be confused for a security certificate verified icon.

RESOLVED INVALID

Status

()

Firefox
Security
RESOLVED INVALID
7 years ago
7 months ago

People

(Reporter: strugee, Unassigned)

Tracking

({ux-userfeedback})

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8
Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8

When you log in to any web site or service (that doesn't use a non-native platform like Flash), Firefox displays a key icon next to the favicon, asking you if you want to save the login info. This is normal.
However, the problem lies in the fact that the user may confuse this as an icon indicating the security level of the website itself, like whether the connection is encrypted, website has a valid certificate, etc.

Reproducible: Always

Steps to Reproduce:
1. Go to any website that requires you to login, like gmail.com.
2. Login.
3. Notice the key icon next to the favicon. It looks just like a security indicator, doesn't it?
Actual Results:  
The key icon may be mistaken for a webpage security indicator. 

Expected Results:  
The key icon should be mistaken for a webpage security indicator.
That's a valid concern, requesting user experience feedback.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: ux-feedback

Comment 2

6 years ago
If the connection is encrypted, the color of favicon's zone changes. Blue if the owner is unknow, green if the owner is know ;).
(Reporter)

Comment 3

6 years ago
(In reply to Joël Tang from comment #2)
> If the connection is encrypted, the color of favicon's zone changes. Blue if
> the owner is unknow, green if the owner is know ;).

I realize that, but the average user may not.
(Reporter)

Comment 4

6 years ago
With the new identity block, is this bug still NEW or is it WONTFIX? It's been here for a while.
With the new design, it is worse because the icon and background for the password manager looks more like the icon and background for the lock icon.
(Reporter)

Comment 6

7 months ago
I'm thinking this is INVALID now - the indicators have changed significantly since this was reported. The lock icon is now green even for non-EV certs and HTTP is starting to be labeled insecure (whoo!). Given that, plus the fact that nothing significant has happened on this bug since the original report, I'm closing.
Status: NEW → RESOLVED
Last Resolved: 7 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.