Nov 102018

If you use Chrome you may have noticed it flagging up websites as “not secure”

SecurityIn the past, most connections to websites have been unencrypted. In other words, anyone capable of “listening in” to such a connection could have understood everything that passed between the user and the website – in both directions. Clearly, this could have serious implications. If, for instance, you have just typed in all the details of your debit card to make an online purchase then all those details could be intercepted.

For some time, therefore, pages that displayed or requested sensitive information have been secured by something called SSL (Secure Socket Layer). This means that all traffic to and from that page has been encrypted such that no-one “listening in” could understand the data being transmitted in either direction. The full address of a non-encrypted page begins with “http” – eg http://www.davidleonard.london. Encrypted pages begin with “https” – eg https://www.google.co.uk.

Secured pages have traditionally cost the website owner more than unsecured ones, so it has been quite common for websites to have a combination of secured and unsecured pages. Things are changing, however, and more and more websites have moved over to having all their pages secured.

Chrome-not secure

Chrome’s scary message when a web page is not secure.

As anyone with a Google email account will know, Google are very hot on security and getting more so. Google do, of course, also give us the Chrome browser (software for viewing websites). Since July, Chrome has been flagging up any website that you visit that does not have SSL with the rather scary “not secure” (see illustration). As a website owner, I could feel a tad miffed at Google over this. I do not ask for any sensitive information on my website. The most sensitive it gets is in asking for contact details of anyone who would like me to get in touch. If a client wishes to settle one of my invoices online then I use PayPal to handle this, so the user is passed to secured PayPal pages before any sensitive information is requested. I could argue, therefore, that it is a bit over the top for Chrome to frighten my website visitors with “not secure” next to the address of every web page.

Edge - secure

The padlock in Edge showing that the web page is secure

Nevertheless, I can’t deny that, generally speaking, sites that are secure are a better idea than sites that are not secure. Changing from unsecured to secured pages has cost money and been an admininstrative pain in the past. However, all that is getting easier. I am happy to go with the flow in this respect and will be going over to a secure site some time early in the new year. I am sure that many other websites will be doing the same in the coming months. No doubt Google’s policy of flagging up non-secured sites will be speeding up this process for many of us website owners (myself included!)

Safari - secure

The padlock in Safari showing that a web page is secure

I would, however, like to stress that just because Chrome points out that a website is “not secure” it does no mean that it is dangerous to visit. It just means that all communication with that website (in both directions) is unencrypted, so don’t give any private or sensitive information to any web page that does not begin with “https”.

All the major browsers (Firefox, Edge, Chrome, Safari, Opera) indicate when a web page is secure by showing a small padlock next to the address. This is, obviously, absent when a page is not secure, but it is only Chrome that emphasises this fact by telling you so.

© 2011-2018 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha