Helps to prevent you from sending unencrypted passwords or credit card numbers.
Password boxes look secure, but are they really? Sometimes, website developers don't know about HTTPS (http://en.wikipedia.org/wiki/HTTPS) or have elected not to set it up for technical reasons, so your password will actually be sent over the Internet unencrypted. The password box looks the same either way. Unencrypted Password Warning detects whether a password or credit card number is about to be sent with a form that does not use HTTPS, blocks it from being sent, and tells you why.
- Displays a warning when you click on or type in a password box that will be sent unencrypted.
- Displays a warning when you submit a form with a credit card number or password that will be sent unencrypted.
- Options let you disable either category of warning or elect not to warn for particular domains.
Note: you should never enter sensitive information into untrusted websites, even if Unencrypted Password Warning does not warn you. A malicious website or Chrome extension, can still steal such information if you enter it, even if you do not submit the form. Unencrypted Password Warning is designed as an extra layer of security, not a perfect defense.
There is a simple unencrypted test form at http://scott.wolchok.org/warntest.html. You should be warned when you click on the right field, and if you type 0123456789123458 into the left field and press enter, you should be warned about both a password and a credit card number being submitted without encryption (see screenshots).
- Changes to the options don't take effect on pages that you've already loaded. In particular, if you really want to submit a form unencrypted, you'll have to refresh the page and possibly fill out the form again after whitelisting the form's domain.
NEW IN 0.4.0: By popular request, added "Disable warnings" button to temporarily disable warnings on a page.