Categories: SecurityWorkspace

Google’s Chrome Browser To Remove ‘Secure’ HTTPS Indicators

Google is set to change the way websites secured with the HTTPS protocol appear to users of its Chrome browser, in the next step of its ongoing campaign to promote the use of encrypted communications on the web.

HTTPS was initially used by the likes of e-commerce or banking sites, typically to protect the security of sensitive data, such as the entry account credentials or payment details, but has recently become more widespread, in part thanks to Google’s efforts to shame sites that don’t use it.

Browsers have been marking HTTPS-secured sites with a green padlock for more than a decade, and last year Chrome began marking sites that handle transactions, but don’t use the protocol, as “Not Secure”.

Safe by default

The next step, Google has said, is to eliminate the “Secure” label from HTTPS sites, since HTTPS should be the norm, the company said.

“Users should expect that the web is safe by default, and they’ll be warned when there’s an issue,” Chrome security product manager Emily Schechter wrote in a blog post.

Version 69 of Chrome, coming in September, will change the way web data entry fields protected with HTTPS are marked, replacing the green padlock and the word “Secure” with a simple grey padlock.

At some point after that, Chrome will eliminate the padlock altogether, Google said.

“Since we’ll soon start marking all HTTP pages as ‘not secure’, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure,” Schechter wrote.

With Chrome version 70, in October, Chrome will also change the way data-entry fields on non-HTTPS websites are marked.

‘Not secure’

They will be marked as “Not secure” in the address bar, and when a user begins entering information on the page, the warning will turn red, with a red triangle.

The use of HTTPS was initially limited in part due to the complexity of managing the secure systems and certificates involved, but Google said the technology is now “cheaper and easier than ever before”.

Security experts, however, have said the spread of HTTPS can lull users into a false sense of security, since there’s nothing to stop malicious sites from deploying it.

And while it protects information passed to a web page, it does nothing to ensure websites protect that data once it’s in their possession – a fact that has led to a number of massive security breaches in recent years.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft To Acquire Activision Blizzard For $68.7 Billion

Huge tech acquisition, as software giant seeks major expansion of its gaming credentials with purchase…

7 hours ago

Amazon Sued For Worker Death In Deadly Tornado Strike

Parents sue Amazon for wrongful death, after son was among six workers killed when Amazon…

10 hours ago

Twitter Expands Misleading Tweet Feature

Twitter has expanded its test feature to other countries that allows users to flag or…

11 hours ago

US Airline Bosses Warn Of ‘Catastrophic’ Aviation Crisis Due To 5G

US aviation 5G scare-mongering continues, as CEOs of ten US airlines warn of 'havoc' caused…

11 hours ago

Government Backs Ad Campaign Against End-To-End Encryption

Public funds to used for government-backed advertising campaign against end-to-end encryption, but security experts argue…

14 hours ago

Amazon Last Minute Extension For Visa Card Payments

UK Amazon users can continue using their Visa cards for online shopping for now, after…

15 hours ago