When you visit websites, you should know which ones are secure and which ones may be prone to hacking. But you may not think to check a website to see whether it’s secure.
Secure websites are encrypted and have addresses that start with HTTPS instead of HTTP. But you may not look at a web address every time you visit a website to see whether it starts with HTTPS or HTTP.
Google announced in a blog post last week that an update coming to Chrome will warn users away from unsecured websites. Starting with the latest version of Google’s Chrome web browser, sites that have an HTTP address, instead of HTTPS, will show a warning that they are not secure.
See Google Chrome Blog: A milestone for Chrome security: marking HTTP as “not secure”.
What Is HTTP vs. HTTPS?
HTTPS is is shown in the web address for secure sites that are encrypted.
As Google states in its blog post, “When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site.”
In other words, HTTPS websites are secure. HTTP websites are not secure and are vulnerable to hacking.
How to Know Whether a Website Is Secure
So knowing whether a website is secure is important and the latest Chrome update will alert you to unsecured websites. This update is rolling out to Chrome users, but with the current version of Chrome you can easily see whether a website is secure.
Click on the i in a circle at the beginning of the website address on Chrome. If a website is not secure, you’ll see this warning:
After the update, Chrome will show that the site is not secure if it’s HTTP so you won’t have to click on the i in a circle.
With the current version of Chrome, as well as with the update, Google Chrome will show “Secure” before the web address when you visit a website with HTTPS.
Note that The Wonder of Tech uses encryption, has an HTTPS address, and is a secure website.
Google is hoping that many more websites will transition to HTTPS and plans to remove the Secure designation by October 2018 so that a notice appears only when a website is not secure.
What to Avoid with HTTP Websites
When you visit HTTP websites, you should know that they are not secure. The information being transmitted to and from the website is not encrypted. You should avoid entering personal information or passwords on any forms on these unsecured websites that use HTTP.
You should also avoid entering password and payment information, such as your credit card number or PayPal login credentials, into these websites. If a retail website does not have an HTTPS address, you should not shop there.
Which Websites Are Affected
You may think that all major websites would be encrypted and have an HTTPS address. You may assume this problem only affects smaller websites.
Quite a few major websites have not been encrypted and do not have an HTTPS address. The website Why No HTTPS? lists the most popular websites on the Internet that are not secure. You can also find the 50 most popular unsecured websites in each country on this site.
Some of the unsecured websites that use HTTP may be surprising to you, such as Baidu.com, bbc.com, dailymail.co.uk, espn.com and more.
What Website Owners Should Do
If you run a website, be sure to encrypt your website and switch your site to HTTPS from HTTP to make your website secure. This way you can avoid Google warning Chrome users away from your site.
Google says in its blog post that these alerts for HTTP sites are not merely to warn Chrome users away from these sites, but also “motivates the site’s owner to improve the security of their site.”
Check out Google’s blog post to learn how to migrate your site to HTTPS from HTTP to make your site as secure as possible for your visitors.
Do you look for HTTPS at the beginning of a web address to make sure the site is secure? Do you appreciate Google alerting Chrome users when a site is not secure? Would seeing an alert from Google affect whether you visit a website?
Share your thoughts in the Comments section below!
*https image (edited) courtesy of Sean MacEntee via Flickr and Creative Commons
Chrome Lock image (edited) credit Google Chrome Blog.