February 22, 2018

“Secure or Not Secure, that is the Question” – Google Regarding Chrome 68

Google recently announced beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”.

At first, a change like this can seem like another way for Google to earn more money. The safer you feel on the web, the more time you’ll spend interacting with Google services and advertisements. While probably true in this case, it doesn’t diminish the fact that this is a very good change for everyone using Chrome. All users can benefit from a better visual representation showing the site they are currently visiting may not be secure.

HTTPS offers two major security benefits when compared to HTTP.

  • First, it allows for the certificate to confirm the website you are visiting is the website you intended to visit. (which is why training users on checking certificates is always recommended)
  • Secondly, HTTPS allows client-to-server communication to be encrypted, thus protecting the traffic from Man in the Middle attacks.

While Google has made a major change to protect its user’s it is still crucial to understand that HTTPS browsing is not a silver bullet. Malicious content CAN and often IS hosted via HTTPS websites.

What does this change mean for you? If you are a Chrome user, you can feel happy knowing that you will have a better visual representation that the site you are on is not secure. If your organization has a website that uses HTTP, you may want to migrate to HTTPS. Otherwise, Chrome users that visit your site will see an ominous sign indicating that your website is “not secure” and may navigate to a competitor’s site.

For more information, see the Google announcement included at this link https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html.

Past Weekly Security Tips – WST