The estimated reading time for this post is 4 minutes
When you visit websites, you should know which ones are secure and which ones may be prone to hacking. But you may not think to check a website to see whether it’s secure.
Secure websites are encrypted and have addresses that start with HTTPS instead of HTTP. But you may not look at a web address every time you visit a website to see whether it starts with HTTPS or HTTP.
Google announced in a blog post last week that an update coming to Chrome will warn users away from unsecured websites. Starting with the latest version of Google’s Chrome web browser, sites that have an HTTP address, instead of HTTPS, will show a warning that they are not secure.
See Google Chrome Blog: A milestone for Chrome security: marking HTTP as “not secure”.
What Is HTTP vs. HTTPS?
HTTPS is is shown in the web address for secure sites that are encrypted.
As Google states in its blog post, “When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site.”
In other words, HTTPS websites are secure. HTTP websites are not secure and are vulnerable to hacking.
How to Know Whether a Website Is Secure
So knowing whether a website is secure is important and the latest Chrome update will alert you to unsecured websites. This update is rolling out to Chrome users, but with the current version of Chrome you can easily see whether a website is secure.
Click on the i in a circle at the beginning of the website address on Chrome. If a website is not secure, you’ll see this warning:
After the update, Chrome will show that the site is not secure if it’s HTTP so you won’t have to click on the i in a circle.
With the current version of Chrome, as well as with the update, Google Chrome will show “Secure” before the web address when you visit a website with HTTPS.
Note that The Wonder of Tech uses encryption, has an HTTPS address, and is a secure website.
Google is hoping that many more websites will transition to HTTPS and plans to remove the Secure designation by October 2018 so that a notice appears only when a website is not secure.
What to Avoid with HTTP Websites
When you visit HTTP websites, you should know that they are not secure. The information being transmitted to and from the website is not encrypted. You should avoid entering personal information or passwords on any forms on these unsecured websites that use HTTP.
You should also avoid entering password and payment information, such as your credit card number or PayPal login credentials, into these websites. If a retail website does not have an HTTPS address, you should not shop there.
Which Websites Are Affected
You may think that all major websites would be encrypted and have an HTTPS address. You may assume this problem only affects smaller websites.
But no.
Quite a few major websites have not been encrypted and do not have an HTTPS address. The website Why No HTTPS? lists the most popular websites on the Internet that are not secure. You can also find the 50 most popular unsecured websites in each country on this site.
Some of the unsecured websites that use HTTP may be surprising to you, such as Baidu.com, bbc.com, dailymail.co.uk, espn.com and more.
What Website Owners Should Do
If you run a website, be sure to encrypt your website and switch your site to HTTPS from HTTP to make your website secure. This way you can avoid Google warning Chrome users away from your site.
Google says in its blog post that these alerts for HTTP sites are not merely to warn Chrome users away from these sites, but also “motivates the site’s owner to improve the security of their site.”
Check out Google’s blog post to learn how to migrate your site to HTTPS from HTTP to make your site as secure as possible for your visitors.
Your Thoughts
Do you look for HTTPS at the beginning of a web address to make sure the site is secure? Do you appreciate Google alerting Chrome users when a site is not secure? Would seeing an alert from Google affect whether you visit a website?
Share your thoughts in the Comments section below!
__________
*https image (edited) courtesy of Sean MacEntee via Flickr and Creative Commons
Chrome Lock image (edited) credit Google Chrome Blog.
Hi Carolyn,
Good piece of information. Google basically wants all its visitors to be safe and secured. Hence they are encouraging website owners to get SSl certificate and changed to HTTPS which is in fact a good thing.
Thanks for sharing this post. have a good day. 🙂
Hi Sajid, You are exactly right. Google is making this move to ensure that people who use Chrome realize when a website they visit isn’t secure. This also encourages website owners to use encryption to make their sites secure so they won’t have to worry about users being scared away.
Formerly, many websites that weren’t retail sites didn’t use HTTPS because they didn’t see a need for encryption. But hackers are getting more sophisticated so even websites that aren’t retail sites can benefit from HTTPS.