Disabling Firefox insecure password form warning

While I believe in security in general, and in SSL-certificates as a means for that, it gets quite annoying to have the newly released password form warning for several of my sites.

In particular my home router and my intranet NAS-box at home, which prefers http login, even though the NAS actually comes with an https-variant, which unfortunately does not work very well since it uses a self-signed certificate issued to QNAP NAS, and therefore does not match the hostname/URL of my configured NAS. Which still creates warnings and needs for exceptions and so on rather than actually helping out.

But anyway, the point of this post was not about QNAP, (who beyond this little misstep makes a splendid product), but about how to disable the insecure password form warning in Firefox, and also how to re-enable password autofill on http sites again.

So. Here’s how to disable Firefox insecure password warnings:

  1. Open a new tab, paste about:config into the address bar.
  2. In the Search box at the top, paste insecure_field_warning.contextual.enabled
  3. Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.

To also restore autofill functionality, so saved login/password automatically populates in an HTTP form here’s how:

  1. In the Search Box on the about:config page, paste signon.autofillForms.http
  2. Double click the setting to change it to “true,” to enable autofill

And I believe the old joke on doing unsafe things you shouldn’t used to come with the warning “don’t do this at home!”… 😉

One thing I would like very much however is for Binero to come up with their planned support for free SSL-certificates through some 3rd party provider. (I believe Let’s Encrypt was mentioned in a comment to a blog post a while back but now I can no longer even find that specific blog post so it might have been deleted).



Enabling 2FA login

I came across this article on enabling two-factor-authentication for several accounts.

I noticed that not only are there several more services now offering 2FA than when I last checked a few months back. But once I set out to enable my accounts on these services I also noticed that several of them now supports apps in addition to SMS-messages.
And I’m also very glad that the apps are becoming more generic so I don’t need to have a mass of apps installed on my phone, but rather that it’s now possible to use for example Microsoft Authenticator not only for Microsofts own accounts but also for Google, Twitter, Dropbox, Amazon and others.

The article doesn’t mention Steam though, but I think it should. Steam is quite huge as platform and enabling 2FA was both easy and well worth it, considering the info stored there. And neither is Apple mentioned which is a little odd, but AppleID is also very smooth to enable for 2FA.

There are also some identity services missing in the article where maybe I should look more into their respective settings to see if they now support easy to use 2FA as well.

I’m thinking specifically of WordPress, Instagram, IMDb and Origin. And of course all the web shops where personal info is stored.

And lastly what I’d like to see now is support in Password Safe for PC and the pwSafe iOS app for tagging accounts with a green colour flag if they’re 2FA enabled.