How Chrome is Shaking Up the Conventional Advice
There are two major types of websites out there, HTTP and HTTPS. The primary difference between them is that the one with the S at the end signifies that the data was sent through a secure connection, meaning that there are extra layers of security there to shield it from any prying eyes. It’s been a best practice for a long time to make sure that any sensitive data sent to or from a website utilizes a secure connection. This is done by looking for the padlock icons in the address bar.
Google is finally stepping up its game by labeling businesses that don?t encrypt their communications with their host server. Chrome will notify users when they are surfing a site that isn?t using HTTPS. The idea is that this is supposed to put the pressure on websites that have yet to adopt HTTPS. Since Chrome is the most popular web browser, it makes sense that this approach could spark a revolution in website security. So far, the approach is seen as ideal by security professionals.
What Are Other Browsers Doing?
The other major web browsers, Safari, Firefox, and Edge, also have some plans for how they will handle unencrypted websites in the future. However, not all of them plan on flipping the script in such a dramatic way.
- Firefox: It’s likely that Firefox will follow a similar path to Google Chrome. Firefox is still subscribing to the ?confirming the page is secure? method. Firefox will also tell you whether or not the HTTP page contains a login form with a padlock that is stricken through. There is even a warning that pops up when the cursor moves over any of these fields. In the future, the browser will display all HTTP pages with the strike-through padlock, even if there aren?t any forms.
- Safari: Apple has yet to deviate from tradition. By this, we mean that the browser just confirms that the connection is secured by showing the lock. However, Apple has taken other, different steps toward ensuring the security of its users. If a user attempts to log into an HTTP page, the page will inform them with alerts popping up into the field and the address bar, much like Firefox does now.
- Edge: Microsoft Edge only tells a user when a page is protected, but there are other options in place that allow the user to access even more information about their connection. This information can reveal if the connection isn?t encrypted, identifying it a potential risk. This same feature doesn?t extend to the input fields on unencrypted pages, though. We don?t feel like Edge is doing enough to warn users about unsafe browsing.
Are you unsure of how to keep your business secure? Reach out to White Mountain IT Services at (603) 889-0800.