Google Chrome is Changing its SSL Security Indicators
A new version of Google Chrome will include changes to the visual indicators for SSL/TLS.
When you connect to a website, your web browser shows you a security indicator to tell you about the connection your computer has to that site. When a site is using SSL, all major browsers will display “https://” at the beginning of the URL in the address bar, along with a green padlock icon. These indicators tell you that your connection is private and encrypted, both features enabled by SSL/TLS.
Lately, browsers have been tinkering with these icons as they learn more about how to build more effective security UX. In a new release of Google Chrome, we can get a peek at changes to most of the security indicators related to SSL.
Depending on what OS you are using, you may already be seeing these changes. For Mac OS, these changes are part of Version 52 of Chrome, which was released one week ago. Windows users will be waiting one more release, until Version 53.
For the most part, these changes are small – mainly stylistic. For sites loading over HTTP (which is not secure), the blank page icon has been replaced with an info icon. For sites with badly misconfigured HTTPS, the padlock-with-red-X has been replaced with an exclamation point inside a red triangle.
The indicator for sites with properly configured SSL will only see stylistic changes. However, for sites using an Extended Validation (EV) SSL certificate, there are bigger changes coming (read on to the next section).
On Windows, we can expect v53 to become the stable version around September of this year[1]. At that point, the general internet audience will see this new UI. If you want to see the changes for yourself today, just make sure you have updated your browser on Mac, or download Chrome Canary for Windows and head over to badssl.com, an excellent website that allows you to test a variety of SSL configurations.
Browsers Change EV SSL UI
Extended Validation (EV) SSL Certificates offer the highest level of validation and confirm the real-world legal organization operating a website. The major web browsers recognize this and have an additional UI element for EV SSL Certificates.
Until recently, this unique UI was the “green address bar” (or “green bar”). That name refers to the green rectangle that surrounded the validated organization name. Of the four major browsers – Chrome, Firefox, Edge, and Safari – only Chrome still has the green bar (see below).
In addition to the other changes to its security UI, Chrome will also join the rest of the browsers in replacing the green bar.
In its place, all four browsers prominently display the organization name in green (and most also include the country where the organization is legally registered/incorporated). This change is a result of user studies and a reframing of SSL’s security benefits.
Below you can see screenshots of how EV SSL certificates are treated in the upcoming version of Chrome, and the current versions of Firefox, Edge, and Safari.
On Windows, expect to see all these changes landing in Chrome 53, which should be released around September. Chrome’s security team remains hard at work on their plan to simplify security UX and eventually flip the paradigm by actively showing HTTP as unsecure. We will be here to cover the security indicators and UX of all browsers as they progress.