Next steps toward more connection security

10th November 2020 Simon Steed

Back in 2017, Google announced they would be marking web pages that do not run over SSL as 'Not Secure' when form fields are upon the site. This was a major gamechanger at the time as they were the only browser company to do this.

Roll on a few years to 2020 and you will notice Safari and Firefox also warn you now if a website is not using an SSL certificate. Amazing as it may seem, there are still thousands and thousands of websites still not using this technology or have implemented it badly.

You are affected if you meet any of the following criteria:

  • You have password, sensitive info i.e. usernames, email addreses or credit card fields upon your website
  • You are not running an SSL (secure certificate) upon your site
  • The visitor is using one of the mainstream web browsers

This is what Emily Schechter from the Chrome Security Team said about it back in April 2017.

 

In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
Treatment of HTTP pages in Chrome 62

Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we’re ready to take the next steps.

Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.

Form And Incognito Http Bad Verbose

When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode.

Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.

Contact our team to see how we can get your website secured, maybe take advantage of our Website Audit service which will give you this and much more information in an easy to digest report for you to action.

In a nutshell, if you are not secure, you are likely to be losing customer confidence and hence sales from your website!

If you need professionals to look after your website and it's security, get in touch with us here

Related to this post

How often should you post to social media?
10/11/2020 | By Simon Steed
Social media Posting Facebook Twitter LinkedIn Instagram
How often should you post to social media?

How often should you post to social media? It's a question we get asked quite a lot, how frequently should you post to Facebook and Twitter? Find out in our latest post.

Read more
Beginners checklist for effective seo
10/11/2020 | By Simon Steed
SEO Do your own SEO Online Marketing
Beginners checklist for effective seo

SEO can be a minefield of differing opinions depending upon whom you speak to. We've prepared a list of some basic search engine optimisation techniques to optimise your website for competitive keyword phrases to get you on your way.

Read more