Tag: not secure

HTTPS Update: Google Chrome Displays “Not secure” Warning on More Websites

Posted by Ken Moire & filed under Security.

In January we talked about Google displaying a “Not secure” warning to Chrome users who visit any non-HTTPS web pages that accept passwords or credit card information. Soon, Chrome will display this warning in additional cases, affecting website visitors and site owners.

What To Expect

Coming in October, visitors to any non-encrypted (or non-HTTPS) web page that includes a form or to any non-HTTPS website while browsing in “incognito mode” will receive this warning. This will affect even more sites where search, contact and lead generation forms are prevalent.

Google HTTP Not Secure Warning

Chrome’s HTTP Not Secure Warning

This warning does not necessarily mean the website has been compromised. It is a precautionary move by Google to inform website visitors their browsing and communications are not encrypted.

Why Encrypt

The responsibility for web security belongs to all of us: web developers, website owners, network administrators, hardware and software manufacturers, and of course, users. In this chain, web security is only as good as the weakest link. This latest maneuver by Google, in an effort to make the web a more secure place, highlights the responsibility of site owners to provide safe, secure browsing and online communication for their visitors. For users, it educates them on the risk of using non-HTTPS websites, particularly when collecting personal information.

In light of the recent Equifax hack, it is important for users to know their online communications and personal data are secure. And site owners should take measures to obtain a secure socket layer (SSL) certification and move to HTTPS.

SSL certificates are now more affordable than ever. There are three main methods for securing your site. Domain Validated SSL certificates provide a basic level of encryption, and are relatively easy to implement. Organization Validated (OV) and Extended Validation (EV) SSL certificates require more validation, making them costlier and more complicated to set up.

Talk to your web hosting provider to see what your options are and which solution makes the most sense for your website or application.  

What Happens If You Do Nothing

Having HTTPS is a factor in improving your site’s search rank in Google. Displaying this message to your visitors can have a negative long-term impact on your brand’s trust, and worse, keeps you and your visitors open to potential malicious attacks.

While this change currently only impacts users on Google Chrome, other browsers have historically followed Google’s lead on security issues. Firefox to Microsoft Edge will likely follow suit.