Google announces further changes to the labelling of secure websites.
Google Chrome remains at the top of the world’s most-used browsers, so any changes the Chrome team makes will affect the vast majority of internet users.
In February of this year, Chrome announced it would be rolling out a number of steps to phase out sites still using insecure HTTP connections.
Chrome’s entire philosophy with this is to incentivise website owners to drop HTTP in favour of HTTPS.
This week, Emily Schechter, product manager at Chrome Security, announced several new steps that will boost HTTPS usage across the web and enable users to see security as the default setting on Chrome.
Google Chrome changing security indicators
Previously, users would see indicators in the Chrome browsers confirming that the site they are on is secure – the green padlock and ‘Secure’ notation in the search bar, for example. Schechter explained that since Chrome will soon be marking every HTTP page as ‘Not Secure’, the team has decided to move towards removing the positive security indicators in Chrome.
The ‘Secure’ wording and HTTP scheme will be removed as part of Chrome 69 this September and the default unmarked state will be secure. Previously, HTTP usage was too high to mark every single HTTP page with a stark, red warning, but October 2018 (Chrome 70) will see the introduction of the red ‘Not Secure’ warning when a user tries to enter information on such pages.
The rate of progress in terms of getting sites to switch to HTTPS has, generally, been swift. In February, Chrome said that more than 68pc of traffic on Android and Windows was protected, with 78pc protection rates reported for Chrome OS and Mac. 81 of the top 100 websites were using HTTPS as their default connection method in February, a figure that has certainly increased in the three months.
Google also ranks HTTPS sites higher in search results in order to stimulate the adoption of the security protocol.
Why is HTTPS better?
HTTPS, or Hyper Text Transfer Protocol Secure, is the protocol over which data is sent between your browser and the site you are connected to. You’ll see it most often during online payments or when dealing with internet banking interfaces, but it will soon become the default.
HTTP is much more vulnerable to man-in-the middle attacks or malware injections, whereas HTTPS was designed to withstand attacks such as these.