Relevant Items

Coming Soon - More Not Secure Browser Warnings | BLOG

September 25, 2017

Chrome currently issues a “Not secure” browser warning for pages accepting password and/or credit card data that are not protected by HTTPS. The release of Chrome 62 due in October 2017 extends the “Not secure” warning to include any non-HTTPS page that accepts data from website visitors. In addition, these pages will also show “Not secure” when visited by users in Chrome Incognito mode to protect these users who are considered to use this mode as a security baseline.

With an anticipated release date of October 17, 2017, domain owners still have a few weeks to encrypt any sites that should be protected that might otherwise prevent users from entering their website.

Website owners and administrators need to consider the Always-On SSL concept to provide the following advantages:

  • Security for all websites and pages regardless of content
  • Mitigate known HTTP vulnerabilities
  • Provide browser user privacy
  • Support HSTS that will provide a browser error if the site is not secure
  • Support HTTP/2 providing higher performance and less latency
  • Improved search rankings for Google
  • Higher trust indicators to assure visitors and avoid the “Not secure” browser warning
  • Increase user confidence to bolster conversion rates

Google states that, “Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode.” The big word ALL should encourage all domain owners to execute on a plan to encrypt all sites with an SSL/TLS certificate to avoid disruptive user experiences. 

 

By Bruce Morton, Director, Certificate Technology & Standards  

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.