View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Goodbye Green Lock on Web Addresses

No More Green Locks to Show You The Way

By CBR Staff Writer

There will be no more green locks to advise Chrome users that web pages they are using are secure, as Google phases out its security icon.

‘’Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018,’’ stated Emily Schechter from Chrome Security in a blog post.

The aim is to highlight insecure HTTP sites rather than secure HTTPS ones by default. Schechter points out that going forward customers will be warned when there’s an issue: “We’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.’’

Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70) will start showing the red “not secure” warning when users enter data on HTTP pages.

The secure indicator for web users is now contained in the ‘S’ at the end of HTTPS (Hyper Text Transfer Protocol Secure) at the beginning of the web address.

Over the last 5 years Google has monitored a sharp increase in usage of HTTPS over the former less secure non-encrypted HTTP.

However some security experts warned that those who manage websites may find the the job at their end to update their certificates is a painful one.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

‘’Just the task of discovering these and making sure they are upgraded to HTTPS will be a big task and, if done manually, there are likely to be gaps which cause disruption to customers and business processes’’ claimed Craig Stewart, VP of cyber security company Venafi, in a comment to Computer Business Review.

‘’Unless organisations are able to identify where their HTTP certificates are, and then have the flexibility to revoke and replace these with HTTPS certificates, they will be faced with customers, partners and prospects refusing to access a seemingly insecure site.’’

Stewart mirrored the view coming from Google that all websites should just be considered secure “as the de facto standard”.

He added: “It’s those sites that do not use HTTPS that should be brought to our attention so that we do not use them.’’

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU