Google Chrome is about to start naming and shaming nearly half of the world’s websites, by putting a clear “Not Secure” warning next to thousands of popular online destinations which still use unencrypted HTTP connections.
Starting in January 2017, Google Chrome will flip the web’s security model. Instead of warning users only about HTTPS-encrypted sites with faulty or misconfigured encryption, as is current practice, it will flag all non-HTTPS sites which handle personal data as “not secure”.
Now, any user who visits an unencrypted site will receive an unmistakable red padlock alert in the Chrome address bar. Other browsers will soon follow suit.
This will be the beginning of a chain of events that will change the standard of online security forever. Is your organisation ready for the change?
For many web administrators, Google’s encryption-shaming may not be so welcome. Turning on HTTPS isn’t quite as easy as flipping a switch. However, they need to understand that fixing security problems is not merely a technical and time-consuming task; it is for the best in a world of technology.
“It’s easy to convince yourself not to do something, to not move forward,” says Parisa Tabriz (Head of Chrome Security at Google). “If the world’s websites don’t want to get left behind, they’d better toughen up, too.”