Starting with Firefox 51, users were shown a grey padlock with a red strike-through, to indicate that the (DonationCoder) website they were visiting was not secure (passwords are transmitted insecurely and subject to MITM sniffing).
From Firefox 52, there's now a dropdown box on the user login field that shows in plain language that "This connection is not secure. Logins entered here could be compromised."
I understand that there is a little more work to do to set up a site with SSL but in this day and age it is becoming more and more of a concern that the criminal element are getting more pervasive and taking username/password pairs from unprotected sites and using them on the more important sites.
It's also a fact of life that in order to make our (online) lives as simple as possible we tend to reuse that favourite password or login combo on several different sites which increases our chances of one day really getting pwned by some low-life.
I'm prompted to write and ask about this on the very day that Pwned ( https://haveibeenpwned.com/
) sent me an email advising my login at Evony was pwned in a breach in 2016 (took their time telling me but sometimes that data is not immediately available). Haven't played that game for a number of years and frankly have no idea what password I used but it serves as a reminder not to be too complacent about security.
My question is : (not if but) when will DC get an SSL Certificate to encrypt the login information and protect this data ??
Using a site such as Let's Encrypt ( https://letsencrypt.org/
) which became active April 2016, provides an automated service to obtain free SSL Certificates (and which I can vouch for works well as it's part of our setting up Test environments on various Cloud Servers)