Chrome now warns for all unsecured websites
16 August 2018
Version 68 of the popular Google Chrome browser was released at the end of July. From this version on, every website without an HTTPS connection shows an 'unsafe' message informing visitors that the connection is not secure. Given the current situation, this change can have a large impact.
Warning becomes more serious
This change is a turning point. Instead of marking safe websites as safe, Chrome and the browsers that follow it will mark unsafe websites as unsafe.
Since October 2017, the 'Not secure' warning has appeared as soon as you enter something in a form on a website without HTTPS. From July this year, all websites without an SSL certificate are displayed as unsafe, whether or not they contain input fields. The warning is displayed on every page that does not use a secure HTTPS connection by default. As of October (Chrome 70), the warning for entry fields without HTTPS will become more noticeable: as soon as you type something, the 'Not secure' message will turn red and be marked with a warning triangle.
The strong increase in the use of HTTPS has also led to a significant increase in SSL abuse by phishing websites. Certificates without company data are used for this purpose because they are cheap and easily available. Partly because of this, Google has announced that the green lock with the indication 'Secure' in the address bar will change to a grey lock from Chrome 69 (to be released in September 2018). From then on, the green address bar with the company name will be shown only for EV certificates.
Impact on visitor behavior
A browser that warns visitors that a website is not safe has a direct influence on the (online) reputation of that website and on visitor behavior. Recent research by DevOps shows that more than 90% of respondents are worried about their online security, and that they prefer companies that are committed to protecting sensitive information. The fact that Chrome is the most used browser increases the impact of these changes. Chrome's market share is around 60% worldwide, and this share is steadily increasing. In addition, Mozilla Firefox has been displaying warnings for unsafe entry fields for quite some time.
Nevertheless, figures from Qualys show that in June this year, just under 60% of the most popular websites used HTTPS. The percentage is probably even lower among smaller websites, blogs, etc.
Prevent browser warnings and stay green
Without an SSL certificate, Chrome will mark a website as unsafe. With a Domain Validation certificate, a website is marked as safe because data traffic is encrypted via HTTPS. However, this does not make a website instantly reliable, or easily recognisable as reliable. For that you need an SSL certificate with Extended Validation. Only an EV SSL certificate shows the company name and, in the long run, the green lock as well, which shows security and reliability. Visitors then immediately recognise that the data they fill in is encrypted, and that they are really on your company's website instead of on a phishing website.