View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Goodbye Green Lock on Web Addresses

No More Green Locks to Show You The Way

By CBR Staff Writer

There will be no more green locks to advise Chrome users that web pages they are using are secure, as Google phases out its security icon.

‘’Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018,’’ stated Emily Schechter from Chrome Security in a blog post.

The aim is to highlight insecure HTTP sites rather than secure HTTPS ones by default. Schechter points out that going forward customers will be warned when there’s an issue: “We’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.’’

Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70) will start showing the red “not secure” warning when users enter data on HTTP pages.

The secure indicator for web users is now contained in the ‘S’ at the end of HTTPS (Hyper Text Transfer Protocol Secure) at the beginning of the web address.

Over the last 5 years Google has monitored a sharp increase in usage of HTTPS over the former less secure non-encrypted HTTP.

However some security experts warned that those who manage websites may find the the job at their end to update their certificates is a painful one.

Content from our partners
How the retail sector can take firm steps to counter cyberattacks
How to combat the rise in cyberattacks
Why email is still the number one threat vector

‘’Just the task of discovering these and making sure they are upgraded to HTTPS will be a big task and, if done manually, there are likely to be gaps which cause disruption to customers and business processes’’ claimed Craig Stewart, VP of cyber security company Venafi, in a comment to Computer Business Review.

‘’Unless organisations are able to identify where their HTTP certificates are, and then have the flexibility to revoke and replace these with HTTPS certificates, they will be faced with customers, partners and prospects refusing to access a seemingly insecure site.’’

Stewart mirrored the view coming from Google that all websites should just be considered secure “as the de facto standard”.

He added: “It’s those sites that do not use HTTPS that should be brought to our attention so that we do not use them.’’

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy