Will your site pass Google Chrome's new security test?

Jan 10, 2017
Rate this item
(0 votes)
Google has started marking certain HTTP pages on its Chrome browser as non-secure. Google has started marking certain HTTP pages on its Chrome browser as non-secure. Picture: 9to5google.com

Starting this month Google will begin marking HTTP pages that collect passwords or credit cards on its Chrome browser as non-secure.

The move signals the company’s intention to help users browse the web safely and forms part of its long-term plan to mark all HTTP sites as non-secure.

When loading a website over HTTP, it is possible for someone else on the network to view or modify the site before it is delivered to you, meaning sensitive information such as passwords, banking details and other private data are at risk of being stolen.

Sites loaded over the HTTPS protocol, with the “S” at the end standing for “Secure”, indicate that communications between your browser and the website are encrypted and thus more secure. Not only does this mean that information cannot be intercepted, it also creates a sense of trust and confidence for those accessing a site.

Screen Shot 2016-09-08 at 10.43.11 AMHistorically, Chrome has not explicitly labelled HTTP connections as non-secure in the address bar of its browser.

Previous versions of the browser indicated HTTP connections with a neutral indicator, which according to Emily Schechter of Google’s Chrome Security Team, didn’t “reflect the true lack of security for HTTP connections”.

Schechter notes that Google’s plan to label HTTP sites more clearly and accurately as non-secure will take place gradually, based on increasingly stricter criteria.

Chrome 56, the latest beta version of the browser, will mark HTTP pages with password or credit card form fields as “not secure” since they are particularly sensitive to security breaches.

According to Motherboard, several companies and organisations have been pushing for more encrypted sites as part of a campaign to “Encrypt All The Things,” which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS.

HTTPS usage is growing, with Google saying more than half of the desktop pages on Chrome have been served over HTTPS.

In future releases, Chrome will carry more HTTP warnings. “Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” writes Schechter.

Contact us for more information about setting up encryption on your website