Latest News

Google Chrome and the Quest for a Secure Web

Heather

In January this year, Google began their campaign to make the web safer by marking pages served over plain HTTP as “not secure” if those pages asked for password or credit card information in their Chrome browser. This first phase has already seen a 23% reduction in visits to pages with password or credit card forms which are not secure, so website owners are stepping up and providing additional security.

You can read my post from last year on this subject to learn a lot more about HTTP and HTTPS in general, but for the purpose of brevity I’ll simply state here – the S in HTTPS quite literally stands for “secure”. So, HTTP = not secure, HTTPS = secure, and HTTPS is indicated by a padlock.

From October, Google Chrome will expand their “not secure” warning to include the warning for all types of forms. As soon as a Google Chrome user starts typing information into a form, if the page is HTTP instead of HTTPS, the browser’s address bar will be updated to say “Not Secure”. This will affect all websites with contact forms or search boxes – anything that a user can type into.

For users in Chrome’s “Incognito mode”, all HTTP pages will be flagged as “Not Secure” from October, regardless of whether the user is entering data or not.

This is great news for users – research shows that people do not generally perceive the absence of a warning sign, e.g. the absence of a green ‘secure’ padlock. Yet the situation in which the user is at greatest risk from scammers, hackers, and fraudsters, is when there is an absence of just such a sign.

And of course, Google Chrome is still the UK’s favourite browser, taking a huge 43% market share overall, and maintaining their 55% market share for desktop users. This popularity means that it is likely that a large number of your website’s users will be affected by this change, and also that other browsers are likely to follow Chrome’s lead in the near future.

So, what should you do about it?

First, check if your website is already secure. At EMSL we take the security of your website seriously, so we now include this security as standard for all new websites. Just visit your website, and look at your browser’s address bar to see if it shows a padlock like one of the examples below:

\"HTTPS

If it does, great news, you’re already secure and don’t need to take any further action! If it doesn’t, and your website has any kind of a form on it, whether it’s a simple search or a contact form, you will need to get an SSL certificate installed to avoid having your website marked as “not secure”.

We’ll be contacting our clients over the coming weeks to make sure everybody is ready for the upcoming changes to Google Chrome. If you think your website may be affected and want to get the ball rolling with a free security audit, just get in touch!

Google Chrome and the Quest for a Secure Web

From October, Google Chrome will start to mark any pages with forms as “not secure” as soon as the user starts typing.

Google Chrome is still the UK’s favourite browser, which means that it is likely that a large number of your website’s users will be affected by this change.

If your website looks like one of these examples, great news! You’re already secure!

We’d love to show you what we can do