Google’s efforts to make the web a safer place include the recent addition of a Not Secure indicator in Chrome’s address bar for sites that are not using HTTPS encryption.
Up to this point, that indicator has appeared only when a web page includes boxes for entering passwords or credit card information. In the near future, Chrome will expand the conditions under which sites are flagged as Not Secure. In October, Chrome 62 will start flagging as Not Secure any unencrypted web page that includes any data entry boxes, and all unencrypted pages accessed while Chrome is in Incognito mode. Eventually, Chrome will flag all unencrypted pages as Not Secure.
If you use Chrome, you’ve probably noticed that it also flags encrypted sites as Secure. This is misleading, since all it means is that the site is using HTTPS encryption. It doesn’t imply that the site is safe to use, only that it is using an encrypted connection. A site flagged as Secure can still be dangerous to visit, for example if it contains malware. Wordfence’s Mark Maunder recently wrote about the danger of assuming Chrome’s Secure flag means ‘safe’.