Google's Chrome Browser to Signal All Text Input Websites as "Not Secure" Starting October
In a move to enhance security and trust on the web, Google Chrome will mark websites that do not use HTTPS as "Not Secure" starting from Chrome 63, set to be released in December 2017. This change aims to promote the use of HTTPS, a secure protocol that encrypts data transmitted between users and web servers, thereby protecting sensitive information from potential threats.
From Chrome 63 onwards, websites that lack HTTPS or a valid SSL certificate will be flagged as "Not Secure" near the address bar. This warning serves to alert users about the vulnerability of data exchanged with these sites, as it is not encrypted and could be susceptible to interception or tampering by attackers.
To ensure a website is secure, users should look for a URL starting with HTTPS and a padlock icon near the address bar. Clicking on the padlock icon will reveal details about the certificate, including the issuer, validity period, and encryption details. Websites without HTTPS or a valid SSL certificate will be marked "Not Secure" to emphasize the risk to users visiting such sites.
This enforcement aligns with a broader push across the web to enhance user privacy and secure communication channels. Google's decision to mark unsecured websites as "Not Secure" is part of the company's ongoing efforts to improve online security and protect users from potential threats.
It is important to note that this change does not apply to FTP sites, as a different action was taken regarding them in Chrome 63. Moreover, the change does not affect HTTPS sites, as they are already considered secure. The action against Symantec's SSL certificates does not affect HTTP sites, as a different action was taken to mark them "Not Secure" in Chrome 62.
The move to mark HTTP sites as "Not Secure" is due to their vulnerability, as they are unencrypted and susceptible to hackers, malware, and phishing sites. To prevent this label, websites need to get a security certificate and migrate to HTTPS.
In summary, websites using HTTPS with a valid SSL certificate will be considered secure, while those using HTTP without encryption will be marked "Not Secure" in Chrome 63 and beyond. Websites using HTTPS but with an invalid certificate will also be marked "Not Secure" due to certificate issues causing distrust. This change underscores Google's commitment to promoting web security and privacy, and encourages website owners to adopt HTTPS to protect their users' data.
References: - How to check SSL certificates and Chrome’s use of HTTPS as a security indicator. - HTTP pages visited in Incognito mode will be marked "Not secure" in Chrome 62. - The change in Chrome 70 will not impact EV SSL certificates issued by Symantec's subsidiary, Thawte, as they are not part of the affected infrastructure. - This action will affect any certificate chaining to Symantec roots, except for a small number issued by independently-operated and audited subordinate CAs. - The move is part of Google's ongoing efforts to improve online security and protect users from potential threats.
Websites found without HTTPS or a valid SSL certificate, starting from Chrome 63, will be labeled "Not Secure" to alert users of potential data interception or tampering risks. Ensuring a website's security involves verifying a URL starting with HTTPS and checking for a padlock icon near the address bar, as sites without this protection could be flagged as "Not Secure."
