Rated 2 out of 5 stars

The plugin has both false positives and false negatives:
- It does not detect password fields inside an IFRAME (even if the site containing the IFRAME is unencrypted too).
- It claims e.g. the password field for addons.mozilla.org to be insecure because it uses JavaScript.

If the false negatives can be eliminated, and a list of excepted sites is included, the plugin will be quite useful.

Rated 3 out of 5 stars

I agree with previous posters, the big red message is an overreaction. Solution provided by previous poster is nice, showing only a dialog box.
I also observed the extension doesn't work on some login interfaces on some pages, the method to identify unsecure connections should be refined.

Rated 4 out of 5 stars

This is actually a 5-star extension, except for the already stated facts that (1) the big red warning is overreacting and (2, more importantly) it also breaks with NoScript.

To everyone who has the same opinion: fortunately there is a trivial fix to it. go to your Firefox profile, folder "extensions". Then edit the file SSLPasswdWarning@c4i.gmu.edu/chrome/content/SSLPasswdWarning.js

comment out the line that reads

sslpasswdwarning.displayStaticMessage(doc, messageObj, message,'modalDialog_contentDiv_error');

i.e, change it to

//sslpasswdwarning.displayStaticMessage(...)

I've tested this (Ubuntu 10.04, FF 3.6.10) and it seems to work correctly. It still displays the alert box once you (try to) submit, so you can still cancel. I verified that when pressing cancel, no data whatsoever is being sent.

Needs at least one trivial fix Rated 2 out of 5 stars

1. I really don't like that Big Red Message. It is overreaction. Just remove it.
2. When NoScript blocks scripts (and it usually blocks scripts for me) that Big Red Message just cannot be closed. FAIL.

I like to see just the second message box when I submit the form. And I want to be _sure_ that no text entered in "*****" box will leave "firefox-bin" process without encryption and without this message box.

But also it can be some even more soft variant like pop-up badge ("Warning! This password is going to be submitted insecurely").
Also list of sites where this warning to be omitted (like "I know that this site has insecure login") should be useful.

Please test it with NoScipt and rerelease.

bug Rated 1 out of 5 stars

bug:
at this site:
http://www.betanews.com/auth/signup
the warning gets generated, but it will not go away no matter how many times I click the "x".

Don't know if it is a conflict with the site, or with another addon, or something else, but I have to remove it til this problem gets fixed.

Rated 3 out of 5 stars

The red warning after clicking into a password field reminds me to the Amiga BootRom Failure Message.. or looks like an old DOS window.. or looks like these funny lines, arrows or circles which are drawn by free hand & windows paint into images where peoples want show or highlight something. It looks misplaced.. but it works. ^^
The cursor focus @ password field is lost after closing the warning.. one more click needed. This could be a feature for better security? But it seems to be a 'bug'..
The red warning is NOT shown if.. you open a website where the login form is automatically filled by the firefox password manager.. and you just have to click on the login button (no need to click into the password field). BUT after clicking the login button.. there is one more warning message. I think.. the red warning could be removed.. the second message works and would be enough.

Rated 5 out of 5 stars

Please update this. I'd really like to use it.

This review is for a previous version of the add-on (0.4). 

Rated 5 out of 5 stars

I like this, by and large, but I would like to see a "whitelist" option to tell it that, for a particular site, I don't *care* that it's insecure. For example, my "journal" is a private blog hosted on my own machine, and whenever I try to log on to add a post, the big red warning box pops up. I'd like to quash that.

Aside from that, this thing is a godsend. Thank you.

This review is for a previous version of the add-on (0.4). 

Really Works Rated 4 out of 5 stars

Nice job...This extension actually works. Gives you security warning before you send your password over an insecure network.

This review is for a previous version of the add-on (0.1). 

Rated 5 out of 5 stars

Works very nicely. Feels and looks like a trustworthy add-on. It correctly identifies when you send a password over an unencrypted connection.

This review is for a previous version of the add-on (0.1). 

Rated 5 out of 5 stars

Awesome plugin..

This review is for a previous version of the add-on (0.1). 

Rated 5 out of 5 stars

Very nice add on. Nice UI, works with different kinds of pages and browsers. Highly Recommended.

This review is for a previous version of the add-on (0.1). 

Helpful Utility Rated 5 out of 5 stars

Works as advertised. Warns you when you are about to send a password over the net in plaintext!

This review is for a previous version of the add-on (0.1). 

Rated 5 out of 5 stars

Great extension! Works as advertised ;)

This review is for a previous version of the add-on (0.1). 

Rated 5 out of 5 stars

Great extension! Works as advertised ;)

This review is for a previous version of the add-on (0.1). 

Rated 5 out of 5 stars

This extension is successful in detecting when you are about to send unencrypted sensitive information over the Internet.

This review is for a previous version of the add-on (0.1).