Google is looking to deliver even greater transparency when it comes to online security by identifying publicly – or “marking”, as it puts it – websites that are not as secure as they should be.
In a blog, Emily Schechter, a product manager within the tech giant’s Chrome security team, revealed that as of 2017, its browser will label HTTP sites “that transmit passwords or credit cards” as being insecure.
This is part of Google’s wider effort to make the web as secure as possible, and for HTTPS to be a standard across the board.
“Chrome currently indicates HTTP connections with a neutral indicator,” elaborated Schechter.
“This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
The first phase of Google’s HTTPS strategy – which is going to be staggered – is to identify HTTP websites that specifically have credit card and/or password form fields.
Speaking to Motherboard, Schechter said: “We definitely do plan to label all HTTP pages as non-secure eventually.
“We really wanted to be careful about it and we wanted to get it right.”
Last year, Google described HTTPS as a “cornerstone of internet security”, explaining that the protocol comes with numerous benefits.
This includes making it much harder for cybercriminals to access sensitive information, as well as alerting users to possibly malicious websites.
by Narinder Purba, ESET We Live Security