Google has taken one more step towards web security by officially announcing Chrome Version 68 to mark the non-HTTPS or unencrypted pages as ‘Not Secure’. About 2 years ago, Google started promoting the use of secured (HTTPS) pages, that serves as a better option for the users’ data security.
Currently, Google marks websites as ‘Secured’ which load over HTTPS, but Google will be pulling out the secure marker from Chrome in September 2018. In the official blog post, Google announced that Chrome 68 will be marking the non-HTTPS sites with ‘Not Secure’ marker from July only.
The tech giant had already made the browser capable of marking websites or pages as ‘Not Secure’ which collects bank or personal information. But, Previous updates were limited, and Chrome version 68 will be marking all the websites and their pages as ‘Not Secure’, if not using HTTPS encryption.
Further, Google added, “In October’s version of Chrome (70), you’ll see a red “not secure” notification when you enter data on an HTTP page.”
Previously, the websites using HTTP were too high, but in past few years, significant amount of website owners started using HTTPS or encryption and according to Chrome Transparency Report –
- 76 percent of Chrome traffic on Android is now protected, up from 42 percent.
- 85 percent of Chrome traffic on ChromeOS is now protected, up from 67 percent.
- 83 of the top 100 sites on the web use HTTPS by default, up from 37.
On few older Chrome versions also, the red ‘not secure’ marker in the URL address bar and a warning page used to come up, while visiting a website having installed a self-signed SSL certificate or an invalid certificate.
To load a website over HTTPS, webmaster needs to install SSL certificate on his website issued by a Certification Authority (CA). Browsers don’t usually recognize the self-signed SSL certificates. Out of three types of certificates issued by Certification Authority (CA), Domain Validated SSL or DV SSL is the cheapest and easiest to install. Also, Chrome is a Platinum sponsor of Let’s Encrypt, which provides free DV SSL. Let’s Encrypt SSL certificate is valid for 90 days and after that webmaster needs to renew it. ReportingAll.com also uses Let’s Encrypt SSL certificate.
Google concluded the blog post by adding, “we’ll continue to improve Chrome’s security, to make sure you’re using the most secure browser out there.”
Next time, before you enter your bank or personal details on any website, be sure to check that it uses HTTPS.