The latest version of Google’s Chrome browser gives us the benefit of a faster user experience, and it also aims to provide users with improved security and a safer browsing environment. One significant change is the introduction of Chrome Security Warnings. The browser is overtly displaying a warning message to make users aware of websites that are not secure; in other words, sites that are not running the HTTPS protocol.
As a quick reminder, you will recognise secure websites that are running HTTPS because they have the comforting, green padlock and the addition of the word Secure. You can see it on our website like this:
For web pages that are asking for secure data, such as logins, but have not implemented this basic security standard, a message now displays a Not secure warning next to the address like this:
For other non-secure pages, it displays just the letter “i” for “information” in the circle now appearing next to the web address. Eventually, it is proposed that these sites will be flagged with an alarming red warning triangle.
When a user clicks on the circle, a drop down menu will display the warning:
Your connection to this site is not secure. You should not enter any sensitive information on this site (for example passwords or credit cards) because it could be stolen by attackers.
It will also then display all the cookies being used on the site, which is certainly not going to delight any visitors.
Why Is Chrome Giving This “Site Not Secure” Warning?
Google wants to make the Internet safer, and by issuing these Chrome Security Warnings and pointing fingers at sites that don’t meet standards it will kick start businesses into action.
While visitors are not being blocked from going to non-secure sites, this is a first step in Google enforcing basic security standards on websites.
Google has also made it clear that running a secure site is now a search engine ranking signal and there are also signs that Google is interested in how users behave on non-secure sites.
What Do I Need to Do Next?
It’s easy – just get your site properly configured using the appropriate security protocols.
We have written a comprehensive guide to migrating your site to HTTPS, and as a quick warning, you really do need a plan to implement this correctly.