The mystery behind Google Chrome’s ‘Not Secure’ sites.

The mystery behind Google Chrome's 'Not Secure' sites.

Have you noticed Chrome’s ‘Not Secure’ icon popping up more often than usual lately?

No, you’re not imagining things. Google has changed the way it defines and displays a website’s security level as part of their Chrome 56 update, meaning the Not Secure warning appears on more pages. The move is designed to make users more aware of their online safety.

In the past, Chrome did not specifically label HTTP sites as non-secure. However, Google has now started implementing plans which will eventually see all HTTP sites marked as ‘Not Secure’.

Chrome Not Secure Example

If you can’t tell your HTTP from your HTTPS, here’s a quick explanation:

HTTP – ‘HyperText Transfer Protocol’ is the process that allows communication between different systems. Most commonly, it is used for transferring data from a web server to a browser to view web pages.

When you load a website over HTTP, data is not encrypted. This means someone else on the network can look at or change the site before it gets to you, and information you input is ‘not secure’.

HTTPS – ‘HyperText Transfer Protocol Secure’ shows the website has an SSL Certificate, “SSL” stands for Secure Sockets Layer. Basically this means that there is an encrypted connection between the web server and the web browser. Without HTTPS, any data passed is potentially insecure.

Google is leading the way to a ‘more secure web’

Google is clear that their long-term goal is to increase internet security. Sites which use secure connections and utilise encryption provide a safer browsing experience, and Google is keen to encourage this type of security.

From January 2017, Chrome began marking HTTP pages that collect passwords or credit card details as ‘Not Secure’, to better inform customers that their data might not be safe.

Chrome Not Secure 2017

And from October, Chrome will show the warning on more sites. When users enter any data on a HTTP page, and on all HTTP sites viewed in Incognito mode, where users expect a higher level of security.

Chrome Not Secure October 2017

Chrome’s plan will continue to gradually label more and more HTTP sites, until eventually all HTTP site are shown as Not Secure.

Why should you adopt HTTPS?

Well, apart from the fact that eventually you’ll pretty much have to! It’s actually beneficial for you:

  • Google uses HTTPS status in their ranking criteria
  • HTTPS promotes customer confidence and trust
  • A must have for taking online payments.
  • Your site will be more secure!

If you’re using a content management system (CMS), like WordPress, or you have any other login where you host sensitive data, then setting up a secure HTTPS login is the absolute minimum precaution you should take.

Need a hand with SSL?

If we’ve got you thinking and you’d like some help to make sure your website is safe and secure, then we are happy to help. Give us a call, pop your details in our enquiry form, or ping us a message in live chat to discuss your requirements.