Apple Adding HTTP Security Warning in Safari Technology Preview 46
Safari is joining Firefox and Chrome in warning users about HTTP pages
An Apple Insecure Form Warning is on the way. Safari Technology Preview is an advanced version of its Safari browser that allows you to see cutting-edge advancements that are still being finalized for official release. It’s kind of like Chrome Canary in that sense.
Safari Technology Preview version 46 is out now for macOS Sierra and High Sierra, and with it comes one major change to its UI. Now a security warning will show in the Smart Search field (the address bar) when users interact with a password or credit card form on a non-secure page.
And if you miss the warning, you’ll be prompted with this message – which is already active in the current version of Safari (11).
This is not exactly what Google and Mozilla have been doing all year, though it is similar.
Chrome and Firefox both began marking sites with non-secure password fields “Not Secure” back in January. Since then the warning has expanded to any site with a text field served via HTTP. The difference is Google and Mozilla put their security warnings right beside the URL in the address bar. As you can see above, Apple doesn’t warn you unless you click the Smart Search field.
Frankly, I don’t think Apple is being explicit enough with these indicators. Google’s practically slap you in the face. Mozilla seems to be more in line with that think than with Apple’s. Granted Apple has a much different UI than either of the other browsers, but it’s taking too many liberties in the name of aesthetics.
The warnings need to be more obvious.
Of course, this is all part of a bigger plan by the browsers to mandate HTTPS. Google, Mozilla and Apple (with Microsoft sure to follow suit) want you to install an SSL certificate and migrate to HTTPS. SSL secures the connections between a website and its visitors with encryption. That prevents eavesdropping and Man-in-the-middle attacks.
Eventually, the browsers plan to mark any webpage served via HTTP as “Not Secure.”
For now, though, the warnings are being slowly rolled out to give website owners and hosting companies an opportunity to prepare. Chrome is expected to upgrade its security warning next Spring to the point it will tag any website without encryption. Obviously, Google or Apple telling your visitors that your site’s not secure is going to have an impact on your bottom line.
So if you haven’t figured it out already, it’s time to get SSL.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown