PDA

View Full Version : Google will soon notify Chrome users of unsecure websites



Harold Mansfield
09-10-2016, 12:22 PM
This is huge news.


In an announcement published to the Google Security Blog on Thursday, the search giant said users of its Chrome browser will be warned when accessing non-secure websites, starting January 2017.
Users won't be blocked from accessing non-secure sites, but they will be alerted when visiting an address that doesn't use an encrypted connection.



From Google


To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

https://security.googleblog.com/


This will undoubtedly have a huge impact on everyone. Whether or not your site asks for credit card or personal information, I'm sure no one wants their users and website visitors seeing that warning.

Will any of you update your website security, or is it no big deal?

Brian Altenhofel
09-11-2016, 05:12 AM
There's really no reason to not run HTTPS on everything today.

Harold Mansfield
09-11-2016, 12:00 PM
I agree. And they've been telegraphing for a couple of years now that they give some weight to secure sites over non secure sites. Since we don't get all of the information about how they determine position, it's not out of line to think that it will become even more important in your SEO leading up to the full 2017 implementation.

Basically they're telling us point blank to do this and have been for a while now. We should probably listen.

nduncan
09-12-2016, 03:10 AM
The last time I looked, around 60% or more of websites didn't have HTTPS at all. It will be interesting to see how this rolls out as it could be really disruptive to search in general. On the other hand, it could create a lot of short term work for web designers in adding SSL certificates to sites.

I will certainly look at updating all of my sites to add an SSL certificate.

Brian Altenhofel
09-12-2016, 04:06 AM
By the way - https://letsencrypt.org/ - free signed SSL certificates.

Harold Mansfield
09-12-2016, 12:47 PM
By the way - https://letsencrypt.org/ - free signed SSL certificates.
Brian have you used this before or are you currently using it?
Was wondering if you have any feedback that you could share. Pros and cons.

adamxtubeage
09-14-2016, 05:26 PM
Brian have you used this before or are you currently using it?
Was wondering if you have any feedback that you could share. Pros and cons.

Letsencrypt is a very good tool and now almost all shared hosting providers provide this service in their cpanel free of cost and the best thing its "Snowden" project and you can use it on unlimited domains but only the limitation is you have to renew it every 3 months but if this service is provided by your hosting then you do not need to do anything as they will take care of autorenewal :)

Sarah K
09-27-2016, 11:16 PM
Thanks for the heads up! Shouldn't be a big deal for my websites, they don't directly sell anything, but good to know.

Brian Altenhofel
09-28-2016, 05:28 AM
Brian have you used this before or are you currently using it?
Was wondering if you have any feedback that you could share. Pros and cons.

I don't know how I missed this response. Might have checked the forums half asleep that day or something.

Yes, I currently use it, but mostly for clients that only need to secure their login. The reason I don't use it for general e-commerce at this time is it's been unclear whether it would be considered a reputable signed certificate by insurers, so in those cases spending the $30 or less per year for a certificate from someone that is widely recognized outside of the the Internet world makes more since.

The short lifetime (90 days) has one main benefit - smaller window of exposure in the event of a compromised private key.

dewalds86
09-28-2016, 05:54 AM
Does it refer to websites that dont have ssl or websites that are deemed unsafe due to antivirus?

Harold Mansfield
09-28-2016, 10:31 AM
I don't know how I missed this response. Might have checked the forums half asleep that day or something.

Yes, I currently use it, but mostly for clients that only need to secure their login. The reason I don't use it for general e-commerce at this time is it's been unclear whether it would be considered a reputable signed certificate by insurers, so in those cases spending the $30 or less per year for a certificate from someone that is widely recognized outside of the the Internet world makes more since.

The short lifetime (90 days) has one main benefit - smaller window of exposure in the event of a compromised private key.

I just watched Security Now with Steve Gibson yesterday and he said that it was adequate for testing environments, but at the moment it's a little bloated, and the fact that it's open kind of concerns him.
https://twit.tv/shows/security-now/episodes/579?autostart=false

They also talked a lot about Firefox and WoSign and how there needs to be a zero tolerance attitude from CA's.
Firefox ready to block certificate authority that threatened Web security | Ars Technica (http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/)

The whole episode just made me want to skip taking the chance and just spend the $70 or whatever it costs from my host now.

Darcie-amber
06-19-2017, 09:46 AM
Google wants everything on the web to be travelling over a secure channel. That's why in the future your Chrome browser will flag unencrypted websites as insecure, displaying a red "x" over a padlock in the URL bar.
Not bad at all. Thanks for managing to keep some of us in check. I read a lot of general news but sometimes you really can't keep up with everything that is happening! :)

DianJohnson
06-02-2018, 06:33 AM
I concur. What's more, they've been transmitting for two or three years now that they give some weight to secure locales over non secure destinations. Since we don't get the greater part of the data about how they decide position, it's not out of line to feel that it will turn out to be considerably more essential in your SEO paving the way to the full 2017 execution.

jeffscott
06-07-2018, 05:15 AM
Its already stated on the search results whether your site is secured or not.