Google shaming websites into security

Next story

Google is going to shame websites that don't use HTTPS by more prominently indicating their lack of a secure connection.

Image

In September 2016, Google released an insight into the latest news on internet browser security via their blog. This suggests that when surfing the web, Google Chrome shows an icon in the address bar indicating the security of HTTPS and the browser safety. Till now Google hasn’t informed users about HTTP connections that are unsecure.

From January 2017, Google plans to mark any HTTP pages that collect passwords or credit card details with an icon, stating it is “non-secure”. This is part of long term plans of different measures, implemented to make users’ browsing experience as safe as possible. Mark James, ESET IT Security Specialist, gives his professional advice on Google’s pending plans.


Is this a good idea?


“In all honesty anything that enables people to get a better understanding of the current state of their security is a good thing.

“There are so many things the end user has no control over when it comes to others managing their private data, but you can decide if you want to use an insecure connection - especially if you’re dealing with the input of private data.

“Google has announced that “Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure”.

“The thing to note here is “Sites that transmit passwords or credit cards”. We want these websites to be secure, and having a clear identifier between HTTP and HTTPS is something the user should be aware of.”


How easy is it for websites to go encrypted?


“It’s just down to time, effort and money, and, as with most security procedures, it’s not necessarily expensive and in some cases, can be relatively low cost but it does make a difference.

“Choosing a browser these days is as important as any software you use on a daily basis, and you should consider all the security features that each product offers.

“At least if you’re presented with a clear indicator you can decide whether you want to hand over your precious private data.”


Does HTTPS give users a false sense of security?

“HTTPS is not 100% safe, but it’s a lot safer than plain insecure HTTP. Any internet activity comes at a risk, but your goal should be to lower the attack vector and make it as hard as possible for the opportunistic thief to steal your data.


Were you aware of the difference between HTTP and HTTPS? What are your thoughts on Google Chrome’s plans to increase awareness? Tell us via Twitter @ESETUK


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.