Google reminds website owners to move to HTTPS before October deadline.
With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search bars—and all HTTP websites viewed in Incognito mode as “NOT SECURE” in the address bar.
The company started sending warning emails to website owners in August, as a follow-up to an announcement
by Emily Schechter, Product Manager of the Chrome Security Team, back in April.
Google began marking sites in Chrome v56, which was released in January of this year. That release targeted HTTP
sites that collect user passwords and credit card details.
To secure the information exchanged between their visitors and their web server, owners must install an SSL
certificate and serve their site over HTTPS. Failing to do this is risky for both parties: information that a
site lets visitors send in clear text can be exposed as it travels across the Internet.
Ms. Schechter also provided website owners with a handy guide on how to enable HTTPS on their servers. An
additional guideline on how to avoid the “NOT SECURE” warning on Chrome is also available for web developers.
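For site owners who want to see which of their pages fall under the warnings described above, the following added example (not from Google or from the original article) classifies a page by URL scheme and form fields. The field heuristics, function names and sample pages are assumptions made for illustration; Chrome's own detection logic is more involved.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Input types that accept typed text (simplified assumption, not Chrome's own list).
TEXT_TYPES = {"text", "search", "email", "tel", "url", "number"}

class _FieldCollector(HTMLParser):
    """Collects form fields that accept user-typed data."""
    def __init__(self):
        super().__init__()
        self.sensitive = []  # password and payment-card fields
        self.text = []       # any other typed-text field

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        name = a.get("name") or a.get("id") or tag
        if tag == "textarea":
            self.text.append(name)
        elif tag == "input":
            kind = a.get("type", "text")  # an <input> without a type is a text field
            # Assumption: card fields are recognised by autocomplete="cc-*" tokens.
            if kind == "password" or a.get("autocomplete", "").startswith("cc-"):
                self.sensitive.append(name)
            elif kind in TEXT_TYPES:
                self.text.append(name)

def audit_page(url, html):
    """Return which of the warnings described in the article apply to a page."""
    parser = _FieldCollector()
    parser.feed(html)
    is_http = urlsplit(url).scheme.lower() == "http"
    return {
        "url": url,
        "chrome56_warning": is_http and bool(parser.sensitive),
        "chrome62_warning": is_http and bool(parser.sensitive or parser.text),
        "chrome62_incognito_warning": is_http,
        "fields": parser.sensitive + parser.text,
    }

# Constructed sample pages (not real sites).
SAMPLES = {
    "http://shop.example/login": '<form><input name="user"><input type="password" name="pw"></form>',
    "http://blog.example/": '<form><input type="search" name="q"></form>',
    "http://static.example/about": "<p>No forms here.</p>",
    "https://shop.example/login": '<form><input type="password" name="pw"></form>',
}

if __name__ == "__main__":
    for url, html in SAMPLES.items():
        print(audit_page(url, html))
```

This is a static check of the markup only; fields injected by scripts after page load would need a rendered-DOM crawl to find.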
Looking at the way things are panning out, we can be confident that HTTPS will be the norm in no time. However,
this doesn’t mean that all sites using SSL certificates can and should be trusted.
Google intended to separate phishing sites from legitimate ones with the marking of insecure sites, as Help Net
Security noted in an article. Unfortunately, the introduction of new browser versions capable of flagging sites
also promptly introduced more phishing sites using HTTPS. We’ve been seeing examples of this in the wild, as well,
the latest of which was an Apple phishing campaign.
Discerning phishing pages from the real ones has become more challenging than ever. This is why it’s important
for users to familiarize themselves with other signs that they might be on a phishing page, apart from the lack of
an SSL certificate. Fortunately, users don’t have to look far from the address bar when they want to double-check
that they’re on the right page before entering their credentials or banking details.