Security/Features/Identify which bits are unencrypted: Difference between revisions

<p><span class="fck_mw_template">{{FeatureStatusfckLR|Feature name=Help users understand which bits are unencryptedfckLR|Feature stage=DraftfckLR|Feature health=OKfckLR|Feature status note=Brainstorming phasefckLR}}</span>

<span class="fck_mw_template">{{FeatureTeamfckLR|Feature product manager=Sid StammfckLR|Feature lead engineer=Tanvi VyasfckLR|Feature security lead=Lucas AdamskifckLR|Feature privacy lead=Sid StammfckLR}}</span>

<span class="fck_mw_template">{{FeaturePageBodyfckLR|Feature overview=Highlight passwords and other sensitive data that is not transmitted over ssl.  For the first stage, we will focus on type=password.fckLRfckLR|Feature users and use cases=* A user is asked to login on an http page.  The login form submits to an http destination.  Users password is sent in cleartext.fckLR* A user is asked to login on an https page.  The login form submits to an http destination.  Users password is sent in cleartext.fckLR* A user is asked to login on an http page. The login form submits to an https destination. An attacker can mitm the first request to the login page and replace the form with one that submits the password to the attackers webpage instead.fckLRfckLR|Feature requirements=When type=password, outline the password box in red.  Also add a note to the user that occurs onfocus so they know why the form is outlined in red.fckLR}}</span>

<span class="fck_mw_template">{{FeatureInfofckLR|Feature priority=P2fckLR|Feature theme=Secure Network ConnectionsfckLR|Feature roadmap=PrivacyfckLR|Feature list=DesktopfckLR}}</span>

<span class="fck_mw_template">{{FeatureTeamStatus}}</span>