Firefox 3: Expand the Site Identification button on HTTPS pages
Yet another way to insure you're always aware of encrypted HTTPS web pages
My last two postings were about making secure HTTPS web pages more obvious in Firefox 3 by adding back the colored address bar from version 2. There is yet another visual trick available with Firefox 3 that also makes secure web pages harder to miss.
As noted earlier, the new site identification button, which used to be merely a favorite icon, now turns blue on most HTTPS pages and turns dark green (see below) on those that offer extended proof of their identity (such as jr.com and paypal.com).
The dark green site id button includes the strongly verified website name and is thus much wider and more obvious. In contrast, the blue site id button show below is easily missed.
With a little configuring, we can get the blue site id button to also include the website name. While, domain names displayed in blue are not as well verified, the point is to get the extra visual clue that the page is encrypted.
This comes from a comment to this article by Johnathan Nightingale, who works on security at Mozilla.
"I would recommend that color blind users (or others, for that matter) also consider changing the browser.identity.ssl_domain_display pref in about:config. Changing this from 0 to 1 causes the verified domain to be displayed in the button for basic-identification sites."
To do this, first enter "about:config" in the address bar (without the quotes), then click on the all-too cutesy "I'll be careful I promise" button.
Next, in the Filter box, type "browser.id". That should leave your browser looking like the below:
Double click on browser.identity.ssl_domain_display and change the default of zero to 1.
Click OK and you're done. There is no need to restart Firefox, you'll see the new expanded blue site id button the next time you view an HTTPS page. I verified this in Windows XP, 2000, Vista and Ubuntu Linux 8.04. It should work in Macs too.
Combining Tips
Finally, if you read my earlier postings about restoring color (either yellow or green) to the address bar for encrypted HTTPS pages, then the end result is shown below.
There is no missing the fact that this page is encrypted.
See a summary of all my Defensive Computing postings.