Friday, May 18, 2018

Google pushes harder for HTTPS with new security notifications for Chrome

Google is continuing its effort to increase uptake of HTTPS, and will soon make it much more obvious if you're visiting an insecure site.

Starting with Chrome 69 (due for release in September), sites using HTTPS will no longer receive a pat on the head in the form of a green padlock icon in the address bar. That's the very minimum that Google expects.

Things will get even stricter with the release of Chrome 70 (scheduled for October). Instead of a subtle grey notification in the address bar, non-HTTPS sites will be flagged up with a bright red warning triangle – the same one it currently uses if there's a problem with a site's security certificate.

"Users should expect that the web is safe by default, and they’ll be warned when there’s an issue," Google said in a blog post.

Red alerts

Google's first stab at labelling non-encrypted sites came in the form of a discreet 'i' icon, which users could click to find out more. It wasn't terribly intuitive, and was easy to miss.

The browser began labelling non-HTTPS sites more clearly early last year, starting with pages that transmit passwords and credit card details. These warnings were designed to help Chrome users avoid 'man in the middle' attacks, where data is intercepted by a third party.

Google's ultimate goal is for all sites to use HTTPS encryption. "We hope these changes continue to pave the way for a web that’s easy to use safely, by default," it says.

Via The Verge



from blogger-2 https://ift.tt/2rWSjzF
via IFTTT

No comments:

Post a Comment