Chrome set to name and shame all non-secure websites
Google’s Chrome browser will soon warn users when they visit a site that could let hackers steal their personal information. The new system, due to be incorporated into future versions of the browser, will flag up websites that do not use an HTTPS connection.
Emily Schechter of Chrome’s security team announced the move in a recent blog post (www.snipca.com/21804), stating that “beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure.”
Websites that use standard HTTP (without the ‘S’) are considered non-secure because information shared over the connection is not encrypted, meaning any personal details, logins, or payment-card numbers you enter could easily be intercepted by a hacker.
Currently, if you visit an HTTP site in Chrome, you need to click the icon next to the site’s URL in the address bar to view information about whether the site is secure or not. In Chrome 56, any sites not protected by an encrypted HTTPS connection that require you to enter information into online forms will display a ‘Not Secure’ warning next to the address (see screenshot above). Google’s long-term plan is for all non-secure HTTP sites to be flagged up with a red warning symbol too (see screenshot below left).
It’s important to remember, however, that HTTPS alone doesn’t guarantee a website is safe. As security expert Graham Cluley points out in his response to Google’s move (www.snipca.com/21806), it’s “perfectly possible for criminals to set up a website with HTTPS if they wished or compromise a legitimate website that was using web encryption properly”.