Blog

Google Chrome 68 HTTP Flags

In late July 2018 Google will be releasing Chrome 68, and a change is coming with this release. From July, all web pages that aren’t HTTPs will be flagged by Chrome as not being secure. A site gains the “s” by having a certificate from a trusted Certificate Authority installed.

To put it simply, these certificates keep information entered into a website secure so that criminals don’t access it. This new release will flag every website that doesn’t have a trusted certificate installed in an effort to help consumers recognise unsafe websites.

How do you tell if the site is secure?

Since Chrome 56 was released, Google have been flagging sites that request log in or payment details without a certificate as not secure, so you’ve probably seen the below screenshots at some point.

I’m running Chrome 64 currently, and you can tell whether a website is secure or not within Chrome from the address bar. There are four different alerts (although two look the same).

Firstly – Not Secure with an invalid certificate. When you visit the website there will be two big warning signs. You’ll see the address bar and an alert from Chrome itself like the below.

Not Secure - address barNot Secure - browser
The invalid certificate means that the certificate is either expired, or not issued by a Certificate Authority.

If there is no certificate and the website doesn’t require log in or payment information, you’ll get a grey Information symbol. You’ll also get the same symbol if you have used what’s called a Self Signed Certificate. You get this from manually typing in “https://webaddresshere.com”. This will force the website to use encryption, however it may not be secure as it isn’t issued by a Certificate Authority. This is what your address bar will show you;

http - no certificate
http – no certificate
https manually typed - self signed certificate
https manually typed – self signed certificate

If the site has a valid certificate from a Certificate Authority, it will show green and say Secure in the address bar, as per the below.

Valid SSL

What does this mean for you?

As a business owner, if you have a website, it means that between now and July you’ll need to ensure your web developer or IT team have a certificate in place. Typically all websites with a checkout system or a request for passwords have an SSL or TLS certificate from a trusted authority already due to Chrome 56 flagging websites without it.

Chrome browsers are used by almost 60% of consumers (statcounter). If your site doesn’t have an SSL installed by July, almost 60% of consumers will have a red “Not Secure” flag every time they visit your website. Clicking on the flag will advise the user not to enter any sensitive information on the website and state that the connection isn’t secure, or possibly warn them away from the website altogether.

Our Recommendation

To ensure you website is flagged as secure, speak to your IT team or web developer about purchasing and installing a certificate, or contact us today for a free quote on 1300 823 226 or sales@ruletech.com.au.

Downtime Assassin is dedicated to taking care of all aspects of your I.T. systems – so you can focus on running your business