Chrome begins marking all 'HTTP' websites as 'Not secure'

Matt Blowes August 03, 2018 Security, Software

Google Chrome has finally implemented a stricter policy for website security. From Chrome version 68, website addresses with the prefix HTTP, instead of HTTPS, will display a 'Not secure' indicator.

The 'S' in HTTPS shows that a website has a security certificate, which protects information that is sent between your device and the website. However, it is important to remember that the green 'Secure' icon does not mean a website is safe. 

HTTP v HTTPS

Google succinctly explains the difference:

"When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site."

HTTPS doesn't ensure security

Unfortunately, even websites that have a green 'Secure' lock are not guaranteed to be secure.

The connection between you and the website may be secure from third parties, but the website itself may be malicious. 

The green 'Secure' icon merely means the website's certificate is valid. It does not discriminate between legitimate and malicious websites. 

What's next

From October, in Chrome version 70, the 'Not secure' indicator will turn into a red warning if you begin to enter any data on a 'Not secure' website.

This could be an issue for several popular websites that have yet to add a security certificate, two notable examples being ABC News and the Bureau of Meteorology (BoM).

Google previously announced the 'Not secure' change, but its implementation date was regularly moved. Eventually the green 'Secure' notice on 'https' websites will also be removed, as Google intends for that level of website security to become standard.

This article was written with assistance from our Systems Engineer Brian Hunter. 
