Google’s Chrome web browser tightens screws on websites lacking HTTPS certification

In a move to secure personal information of visitors from cyber-thieves, Google's Chrome web browser is now offering alerts to warn users when they visit sites lacking HTTPS certificates.

Websites lacking HTTPS security certificates may not be able to prevent hackers from stealing personal information like card details, bank account numbers or passwords.

HTTPS is the latest website security certificate which assures users that they are on a safe website and that any information they send to the site is well-protected. As such, any website carrying the HTTP certificate or Secure Hash Algorithm (SHA-1) may not be able to completely secure confidential customer information. SHA-1 is an outdated encryption algorithm that has been known to be insecure since 2005. The modern security standard is the SHA-2 which all browsers now support.

Fortunately, popular browsers like Google Chrome are now displaying warnings to users mentioning some websites as insecure. When users visit secure websites, they can new view the green padlock on the address line for HTTPS transactions, which confirms that the site is secure.

For regular users, it is absolutely essential to check for HTTPS certificates before they conduct transactions online, access cloud servers, access e-mail or social media posts. To help them achieve this, Google Chrome is now marking non-HTTP sites a 'Not Secure' as soon as users start typing on such sites. Google is aiming to eventually mark all non-HTTPS pages as 'Not Secure' in red which will be more noticeable by visitors compared to the small 'i' logo which appears on the address line at present.

Back in February, leading cybersecurity company Venafi analysed data on over 33 million publicly visible IPv4 websites using Venafi TrustNet™, a proprietary database and real-time certificate intelligence service. This research discovered that over 1 in 5 certificates for unique IP addresses were still using SHA-1 as the signature hash algorithm.

Wikipedia, which enjoys among the highest web traffic among all websites, implemented HTTPS to encrypt all traffic on its websites in 2015. “The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information," said the company.

"“Without encryption, governments can more easily survey sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications," it added.

Copyright Lyonsdown Limited 2020