What next : Chrome/Firefox Shows HTTP Sites as Not Secure

In January 2017, with the release of Chrome 56, a “Not secure” message  presented on pages with password and credit card form fields that are not protected with an SSL/TLS certificate.

Google does not plan to stop there. In a to-be-announced release, Chrome will not show the circle-i, but will show the red triangle for all HTTP pages. This is the same indication that is provided for broken HTTPS sites and will further stress the “not secure” message.

Website owners and administrators need to consider Always-On SSL or the HTTPS Everywhere concept. Now HTTPS will provide the following advantages:

  • Security to all websites and pages regardless of content
  • Mitigate known vulnerabilities such as SSLstrip and Firesheep
  • Provide browser user privacy
  • Higher search engine optimization (SEO) for Google
  • Higher trust indication with a green lock icon and no “Not secure”

In a similar fashion, Mozilla Firefox :

This is a new feature that is available starting in Firefox version 51.

Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

pw.jpg

 

With proper installation of an SSL/TLS certificate, the “not secure” warning will disappear and be replaced by a green lock icon. Then the answer to the above questions will be “Yes, the site is secure.”

 

 

 

tricep medial head
Prev