Sign up for our newsletter - Navigating the horizon of business technology​
Technology / Cybersecurity

Goodbye Green Lock on Web Addresses

There will be no more green locks to advise Chrome users that web pages they are using are secure, as Google phases out its security icon.

‘’Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018,’’ stated Emily Schechter from Chrome Security in a blog post.

The aim is to highlight insecure HTTP sites rather than secure HTTPS ones by default. Schechter points out that going forward customers will be warned when there’s an issue: “We’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.’’

Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70) will start showing the red “not secure” warning when users enter data on HTTP pages.

White papers from our partners

The secure indicator for web users is now contained in the ‘S’ at the end of HTTPS (Hyper Text Transfer Protocol Secure) at the beginning of the web address.

Over the last 5 years Google has monitored a sharp increase in usage of HTTPS over the former less secure non-encrypted HTTP.

However some security experts warned that those who manage websites may find the the job at their end to update their certificates is a painful one.

‘’Just the task of discovering these and making sure they are upgraded to HTTPS will be a big task and, if done manually, there are likely to be gaps which cause disruption to customers and business processes’’ claimed Craig Stewart, VP of cyber security company Venafi, in a comment to Computer Business Review.

‘’Unless organisations are able to identify where their HTTP certificates are, and then have the flexibility to revoke and replace these with HTTPS certificates, they will be faced with customers, partners and prospects refusing to access a seemingly insecure site.’’

Stewart mirrored the view coming from Google that all websites should just be considered secure “as the de facto standard”.

He added: “It’s those sites that do not use HTTPS that should be brought to our attention so that we do not use them.’’
This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.