Google Chrome has finally implemented a stricter policy for website security. Website addresses with the prefix HTTP, instead of HTTPS, will now display a 'Not secure' indicator from Chrome version 68.
The 'S' in HTTPS shows that a website has a security certificate, which protects information that is sent between your device and the website. However, it is important to remember that the green 'Secure' icon does not mean a website is safe.
HTTP v HTTPS
Google succinctly explains the difference:
"When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site."
HTTPS doesn't ensure security
Unfortunately, even websites that have a green 'Secure' lock are not guaranteed to be secure.
The connection between you and the website may be secure from third parties, but the website itself may be malicious.
The green 'Secure' icon merely means the website's certificate is valid. It does not discriminate between legitimate and malicious websites.
From October, in Chrome version 70, the 'Not secure' indicator will turn into a red warning if you begin to enter in any data on a 'Not secure' website.
Google previously announced the 'Not secure' change but its implementation date was regularly moved. Eventually the green 'Secure' notice on 'https' websites will also be removed, as Google intends for that level of website security to become standard.
This article was written with assistance from our Systems Engineer Brian Hunter.